CVE-2023-21292
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Aug 14, 2023
Updated: Aug 21, 2023
Summary
CVE-2023-21292 is a vulnerability affecting the ActivityManagerService in Android. In the function openContentUri, a confused deputy issue exists, enabling a third-party app to access restricted files. This can result in local information disclosure without the need for additional execution privileges or user interaction.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Android