PT-2022-23673 · Unknown · Contactsprovider
Sergey Toshin
·
Published
2022-09-09
·
Updated
2022-10-01
·
CVE-2022-36869
CVSS v3.1
6.6
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Contacts Provider versions prior to 12.7.59
Description
The issue is related to an improper access control vulnerability in the ContactsDumpActivity of the Contacts Provider. This vulnerability allows an attacker to access a file without the necessary permissions.
Recommendations
For versions prior to 12.7.59, update to version 12.7.59 or later to resolve the issue.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Contactsprovider