Improper Access Control in Samsung Gallery Affects User Data Privacy
CVE-2024-20827

4.6MEDIUM

Key Information:

Vendor: Samsung
Status: Gallery
Vendor: CVE Published:; 6 February 2024

Summary

The Samsung Gallery application has a vulnerability that permits unauthorized physical access to user photos when a physical keyboard is utilized on the lock screen. This flaw affects all versions of Samsung Gallery prior to 14.5.04.4, posing significant risks to user data privacy and security. Attackers can exploit this weakness, making it imperative for users to update their applications to the latest versions to mitigate potential threats.

Affected Version(s)

Gallery 14.5.04.4

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2...

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2024
Vulnerability Reserved
Dec 5, 2023