In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-249057848
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/2023-03-01 | Vendor Advisory |
Configurations
History
28 Mar 2023, 18:56
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://source.android.com/security/bulletin/2023-03-01 - Vendor Advisory | |
CWE | CWE-862 | |
First Time |
Google android
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* |
24 Mar 2023, 20:38
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-24 20:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-20959
Mitre link : CVE-2023-20959
CVE.ORG link : CVE-2023-20959
JSON object : View
Products Affected
- android
CWE
CWE-862
Missing Authorization