CVE-2024-23706

Опубликовано: 07 мая 2024

Источник: nvd

CVSS3: 7.8

CVSS3: 7.4

EPSS Низкий

Описание

In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Ссылки

https://android.googlesource.com/platform/packages/modules/HealthFitness/+/6e6896c3fd8139779ff8d51a99ee06667e849d87
Mailing List
Patch
https://source.android.com/security/bulletin/2024-05-01
Patch
Vendor Advisory
https://android.googlesource.com/platform/packages/modules/HealthFitness/+/6e6896c3fd8139779ff8d51a99ee06667e849d87
Mailing List
Patch
https://source.android.com/security/bulletin/2024-05-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*

EPSS

Процентиль: 0%

0.00004

Низкий

7.8 High

CVSS3

7.4 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-20

Связанные уязвимости

GHSA-3g5p-5p6j-r9qp

CVSS3: 7.4

github

больше 1 года назад

EPSS

Процентиль: 0%

0.00004

Низкий

7.8 High

CVSS3

7.4 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-20