exploitDog

CVE-2024-31323

Опубликовано: 09 июл. 2024

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Ссылки

https://android.googlesource.com/platform/packages/modules/HealthFitness/+/c4e13d15e8dd1df1bd827117d1a74c187ed2b3c2
Mailing List
Patch
https://source.android.com/security/bulletin/2024-06-01
Patch
Vendor Advisory
https://android.googlesource.com/platform/packages/modules/HealthFitness/+/c4e13d15e8dd1df1bd827117d1a74c187ed2b3c2
Mailing List
Patch
https://source.android.com/security/bulletin/2024-06-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00039

Низкий

7.8 High

CVSS3

Дефекты

CWE-1021

CWE-269

Связанные уязвимости

GHSA-2cm2-8q39-h9qp

CVSS3: 7.8

github

около 1 года назад

In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS

Процентиль: 10%

0.00039

Низкий

7.8 High

CVSS3

Дефекты

CWE-1021

CWE-269