CVE-2024-43086

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 13, 2024
Updated: Nov 15, 2024
CWE ID 276

Summary

CVE-2024-43086 is a local information disclosure vulnerability affecting the AccountManagerService.java in the validateAccountsInternal function. This issue stems from a confused deputy situation, allowing third-party applications to potentially leak account credentials without requiring additional execution privileges. User interaction is not necessary for exploitation.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share