CVE-2023-40092
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Dec 4, 2023
Updated: Feb 2, 2024
Summary
CVE-2023-40092 is a vulnerability affecting the ShortcutService.java in a certain system. This issue involves a confused deputy condition in the "verifyShortcutInfoPackage" function, which can result in the unintended exposure of another user's image. This local information disclosure occurs without requiring additional execution privileges or user interaction, making it potentially dangerous.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Android