CVE-2023-21254

Name of the Vulnerable Software and Affected Versions OneTimePermissionUserManager.java (affected versions not specified)

Description The issue is caused by a logic error in the code of OneTimePermissionUserManager.java, specifically in the getCurrentState method. This error allows one-time permissions to be held after the app is killed, potentially leading to local escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.