CVE-2023-21279

Description

In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Related CPE's

Could not find any relations

References

https://android.googlesource.com/platform/frameworks/base/+/155b14600fb13553a47b4e45fe0acd163da07453

https://source.android.com/security/bulletin/2023-08-01

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io