CVE-2023-21107

CVSS V2 None CVSS V3 None

Description

In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259385017

Overview

CVE ID
CVE-2023-21107

Assigner
security@android.com

Vulnerability Status
Received

Published Version
2023-05-15T22:15:11

Last Modified Date
2023-05-15T22:15:11

References

Reference URL	Reference Tags
https://source.android.com/security/bulletin/2023-05-01

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-21107
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21107

History

Created	Old Value	New Value	Data Type	Notes
2023-05-15 23:02:29				Added to TrackCVE