Possible Confused Deputy Vulnerability in CameraActivity.java Could Lead to Local Information Disclosure
CVE-2024-0017

5.5MEDIUM

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 16 February 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Affected Version(s)

Android 14

Android 13

Android 12L

News Articles

GBHackers News

CVE-2024-0017 CVE-2023-21383

Multiple Flaws With Android & Google Pixel Devices Let Attackers Elevate Privileges

Several high-severity vulnerabilities have been identified in Android and Google Pixel devices, exposing millions of users to potential security risks.

2 months ago

References

https://android.googlesource.com/platform/packages/apps/C...

https://source.android.com/security/bulletin/2024-01-01

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Nov 26, 2024
📰
First article discovered by GBHackers News
Nov 26, 2024
Vulnerability published
Feb 16, 2024
Vulnerability Reserved
Nov 16, 2023