CVE-2023-21394

Name of the Vulnerable Software and Affected Versions TelecomServiceImpl.java (affected versions not specified)

Description The issue is related to a missing permission check in the registerPhoneAccount function of TelecomServiceImpl.java, which could lead to local information disclosure. This might allow revealing images from another user. The exploitation does not require additional execution privileges or user interaction. It is described as a bypass of a multi-user security boundary due to a confused deputy.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.