CVE-2022-0343

EUVD-2022-15503
A local attacker, as a different local user, may be able to send a HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
GoogleCNA
3.3 LOW
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
googleperfetto
𝑥
≤ 24.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://android-review.googlesource.com/c/platform/external/perfetto/+/1999296/
https://android-review.googlesource.com/c/platform/external/perfetto/+/1999296/