6.8

CVE-2024-0032

In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version11.0
GoogleAndroid Version12.0
GoogleAndroid Version12.1
GoogleAndroid Version13.0
GoogleAndroid Version14.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.45% 0.359
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 0.6 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.8 0.9 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://source.android.com/security/bulletin/2024-02-01
Patch
Vendor Advisory
https://android.googlesource.com/platform/frameworks/base/+/4af5db76f25348849252e0b8a08f4a517ef842b7
Patch
Mailing List
https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/5acd646e0cf63e2c9c0862da7e03531ef0074394
Patch
Mailing List
https://source.android.com/security/bulletin/2025-03-01
https://android.googlesource.com/platform/frameworks/base/+/a6321142ea43053ea8d0db516eede4c35c5dab18
https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/b2cc552f8e1ed982e6662f64baa2cdbf1acaf777