Описание
In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
Ссылки
- https://android.googlesource.com/platform/frameworks/base/+/4af5db76f25348849252e0b8a08f4a517ef842b7Mailing ListPatch
- Mailing ListPatch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
EPSS
Процентиль: 5%
0.0002
Низкий
6.5 Medium
CVSS3
6.8 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-284
Связанные уязвимости
CVSS3: 6.8
github
почти 2 года назад
In queryChildDocuments of FileSystemProvider.java, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
EPSS
Процентиль: 5%
0.0002
Низкий
6.5 Medium
CVSS3
6.8 Medium
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-284