CVE-2023-45777 (High) detected in baseandroid-10.0.0_r34 #228
Labels
Mend: dependency security vulnerability
Security vulnerability detected by Mend
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2023-45777 - High Severity Vulnerability
Android framework classes and services
Library home page: https://android.googlesource.com/platform/frameworks/base
Found in HEAD commit: b97f4cac6885ec0e9b0d4e7a6f55b0e522f69cda
Found in base branch: master
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Publish Date: 2023-12-04
URL: CVE-2023-45777
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6
Release Date: 2023-12-04
Fix Resolution: android-14.0.0_r16
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: