CVE-2023-21283

EUVD-2023-25451
In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
googleandroid
11.0
googleandroid
12.0
googleandroid
12.1
googleandroid
13.0
𝑥
= Vulnerable software versions
References
https://android.googlesource.com/platform/frameworks/base/+/e17fd149c0a2bf6cce56ebfae3fa5364fead22cc
https://android.googlesource.com/platform/packages/services/Telecomm/+/9b41a963f352fdb3da1da8c633d45280badfcb24
https://source.android.com/security/bulletin/2023-08-01
https://android.googlesource.com/platform/frameworks/base/+/e17fd149c0a2bf6cce56ebfae3fa5364fead22cc
https://android.googlesource.com/platform/packages/services/Telecomm/+/9b41a963f352fdb3da1da8c633d45280badfcb24
https://source.android.com/security/bulletin/2023-08-01