CVE-2024-34721

Опубликовано: 09 июл. 2024

Источник: nvd

CVSS3: 5.5

CVSS3: 6.2

EPSS Низкий

Описание

In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Ссылки

https://android.googlesource.com/platform/packages/providers/MediaProvider/+/7a1cbf5a8e17e6bff7c835fdd30dcc42b681db0a
Mailing List
Patch
https://source.android.com/security/bulletin/2024-07-01
Patch
Vendor Advisory
https://android.googlesource.com/platform/packages/providers/MediaProvider/+/7a1cbf5a8e17e6bff7c835fdd30dcc42b681db0a
Mailing List
Patch
https://source.android.com/security/bulletin/2024-07-01
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.0003

Низкий

5.5 Medium

CVSS3

6.2 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-922

Связанные уязвимости

GHSA-2cgp-j8vp-ww2f

CVSS3: 6.2

github

больше 1 года назад

EPSS

Процентиль: 8%

0.0003

Низкий

5.5 Medium

CVSS3

6.2 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-922