CVE-2023-21105

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jun 15, 2023

Updated: Dec 18, 2024

CWE ID 918

Summary

CVE-2023-21105 is a vulnerability affecting multiple functions in ChooserActivity.java on Android-11, Android-12, Android-12L, and Android-13. It involves a confused deputy issue, where a process with insufficient privileges is erroneously granted access to resources that belong to another user. This error can result in local information disclosure without requiring any additional execution privileges. Notably, user interaction is not necessary for an attacker to exploit this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rhcowx
https://www.cve.org/CVERecord?id=CVE-2023-21105
https://nvd.nist.gov/vuln/detail/CVE-2023-21105

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners