CVE-2022-20340

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android versions Android-13

Description The issue concerns a missing permission check in the SELinux policy, which could allow local information disclosure about the websites being opened in the browser. This can be exploited without additional execution privileges or user interaction.

Recommendations For Android version Android-13, apply the necessary patch or update to include the missing permission check in the SELinux policy to prevent local information disclosure.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2022-20340

Affected Products

Android

CVE-2022-20340

Weakness Enumeration

Related Identifiers

Affected Products

References · 3