CVE-2023-21306

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Oct 30, 2023
Updated: Nov 6, 2023
CWE ID 203

Summary

CVE-2023-21306 is a newly identified vulnerability affecting ContentService. This issue permits an attacker to potentially read installed sync content providers through a side channel information disclosure. No user interaction is required for exploitation, making this a concerning vulnerability for local information disclosure. The flaw exists in the ContentService, and an attacker can leverage side channel data to gain unauthorized access to sensitive data without requiring further execution privileges.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share