CVE-2024-43086
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Nov 13, 2024
Updated: Nov 15, 2024
CWE ID 276
Summary
CVE-2024-43086 is a local information disclosure vulnerability affecting the AccountManagerService.java in the validateAccountsInternal function. This issue stems from a confused deputy situation, allowing third-party applications to potentially leak account credentials without requiring additional execution privileges. User interaction is not necessary for exploitation.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Android