CVE-2022-20515

Name of the Vulnerable Software and Affected Versions Android versions Android-13

Description In the onPreferenceClick method of AccountTypePreferenceLoader.java, there is a possible way to retrieve protected files from the Settings app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations For Android version Android-13, consider restricting access to sensitive files in the Settings app to minimize the risk of exploitation. As a temporary workaround, review and limit the functionality of the AccountTypePreferenceLoader.java class until a patch is available.