4.6

CVE-2024-2364

Exploit
A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256320.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KirillmakarovMusicshelf Version1.1 SwPlatformandroid
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.06
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 0.9 3.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com 1.8 0.3 1.4
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com 1.4 2.5 2.9
AV:L/AC:L/Au:M/C:P/I:N/A:N
CWE-530 Exposure of Backup File to an Unauthorized Control Sphere

A backup file is stored in a directory or archive that is made accessible to unauthorized actors.

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://vuldb.com/?ctiid.256320
Permissions Required
https://vuldb.com/?id.256320
Permissions Required