Description
The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user's account name (i.e. PII), in Android "user" build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776
References
https://source.android.com/security/bulletin/aaos/2023-01-01
https://source.android.com/security/bulletin/aaos/2023-01-01
CVSS impact metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 · Medium
Information
Source identifier
Vulnerability status
Modified
Published
2023-01-26T20:15:26.967Z
3 years agoLast modified
2025-04-02T13:15:44.183Z
11 months ago