Описание
In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Ссылки
- PatchProduct
- PatchProduct
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
7.8 High
CVSS3
Дефекты
Связанные уязвимости
In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Уязвимость функции validateUriSchemeAndPermission() модуля DisclaimersParserImpl.java операционных систем Android, позволяющая нарушителю повысить свои привилегии
EPSS
7.8 High
CVSS3