CVE-2023-20918

EPSS 1.11%
Veröffentlicht 13.07.2023 00:15:23
Zuletzt bearbeitet 21.11.2024 07:41:49
Quelle security@android.com
CVE-Watchlists
Login
Unerledigt
Login

In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version11.0

Google ≫ Android Version12.0

Google ≫ Android Version12.1

Google ≫ Android Version13.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.11%	0.776

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://source.android.com/security/bulletin/2023-07-01

Patch

Vendor Advisory

https://android.googlesource.com/platform/frameworks/base/+/16c604aa7c253ce5cf075368a258c0b21386160d

Patch

https://android.googlesource.com/platform/frameworks/base/+/51051de4eb40bb502db448084a83fd6cbfb7d3cf

Patch

https://android.googlesource.com/platform/frameworks/base/+/8418e3a017428683d173c0c82b0eb02d5b923a4e

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-20918

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-20918

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-20918

EUVD