PT-2016-1865 · Google · Aosp Mail
Dzmitry Lukyanenka
·
Publicado
2016-05-09
·
Atualizado
2016-05-10
·
CVE-2016-2458
CVSS v3.1
5.5
Média
| Vetor | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
AOSP Mail versions 5.0.0 through 5.0.1
AOSP Mail versions 5.1.0
AOSP Mail versions 6.0.0 through 2016-04-30
Description
The compose functionality in AOSP Mail does not properly restrict attachments, allowing attackers to obtain sensitive information via a crafted application. This issue is related to ComposeActivity.java and ComposeActivityEmail.java.
Recommendations
For AOSP Mail versions 5.0.0 through 5.0.1, update to version 5.0.2 or later.
For AOSP Mail version 5.1.0, update to version 5.1.1 or later.
For AOSP Mail versions 6.0.0 through 2016-04-30, ensure that updates after 2016-05-01 are applied.
As a temporary workaround, consider restricting access to the compose functionality until a patch is available.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Aosp Mail