There is a possible information disclosure due to a missing permission check in Pixel Watch
CVE-2023-4164

8.4HIGH

Key Information:

Vendor: Google
Status: Pixel Watch
Vendor: CVE Published:; 2 January 2024

Summary

A security vulnerability has been identified in the Android Pixel Watch that allows for potential local information disclosure of sensitive health data due to a missing permission check. This absence of proper enforcement measures means that unauthorized access could occur without the need for additional execution privileges, potentially compromising the privacy of users' health information. It is crucial for users to be aware of this issue and for organizations to implement necessary patches or workarounds to mitigate the risk associated with this vulnerability.

Affected Version(s)

Pixel Watch Android v10

References

https://source.android.com/docs/security/bulletin/pixel-w...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 2, 2024
Vulnerability Reserved
Aug 4, 2023

Collectors

NVD DatabaseMitre Database