CVE-2021-0304

In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of the user's contacts with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-8.0, Android-8.1, Android-9; Android ID: A-162738636.

• CVE ID
• CVE-2021-0304

• Assigner
• security@android.com

• Vulnerability Status
• Analyzed

• Published Version
• 2021-01-11T22:15:13

• Last Modified Date
• 2022-07-12T17:42:04

• Version
• 2.0

• Vector String
• AV:L/AC:L/Au:N/C:C/I:N/A:N

• Access Vector
• LOCAL

• Access Compatibility
• LOW

• Authentication
• NONE

• Confidentiality Impact
• COMPLETE

• Integrity Impact
• NONE

• Availability Impact
• NONE

• Base Score
• 4.9

• Severity
• MEDIUM

• Exploitability Score
• 3.9

• Impact Score
• 6.9

• Version
• 3.1

• Vector String
• CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

• Attack Vector
• LOCAL

• Attack Compatibility
• LOW

• Privileges Required
• LOW

• User Interaction
• NONE

• Scope
• UNCHANGED

• Confidentiality Impact
• HIGH

• Availability Impact
• NONE

• Base Score
• 5.5

• Base Severity
• MEDIUM

• Exploitability Score
• 1.8

• Impact Score
• 3.6