Possible Confused Deputy Vulnerability in CameraActivity.java Could Lead to Local Information Disclosure

CVE-2024-0017

5.5MEDIUM

Key Information

Vendor: Google
Status: Android
Vendor: CVE Published:; 16 February 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Affected Version(s)

Android = 14

Android = 13

Android = 12L

News Articles

GBHackers News

CVE-2024-0017 CVE-2023-21383

Multiple Flaws With Android & Google Pixel Devices Let Attackers Elevate Privileges

Several high-severity vulnerabilities have been identified in Android and Google Pixel devices, exposing millions of users to potential security risks.

4 weeks ago

Refferences

https://android.googlesource.com/platform/packages/apps/C...

https://source.android.com/security/bulletin/2024-01-01

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Nov 26, 2024
First article discovered by GBHackers News
Nov 26, 2024
Vulnerability published
Feb 16, 2024
Vulnerability Reserved
Nov 16, 2023

Collectors

NVD DatabaseMitre Database1 News Article(s)