PT-2019-16216 · Google · Android

Publicado

2019-09-05

Atualizado

2021-07-21

CVE-2019-2124

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android versions 7.1.1 through 9

Description The issue allows for silent attachment of files to an email, potentially leading to local information disclosure due to a confused deputy in the ComposeActivityEmailExternal class of ComposeActivityEmailExternal.java.

Recommendations For Android versions 7.1.1 through 9, consider restricting access to email attachments to minimize the risk of exploitation until a fix is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2019-2124

Produtos afetados

Android

PT-2019-16216 · Google · Android

CVE-2019-2124

Identificadores relacionados

Produtos afetados

Referências · 3