PT-2023-22923 · Unknown · Locksettings
Published
2023-09-05
·
Updated
2023-09-09
·
CVE-2023-30721
CVSS v3.1
4.4
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Locksettings versions prior to SMR Sep-2023 Release 1
Description
The issue allows a privileged local attacker to obtain lock screen match information from the log due to the insertion of sensitive information into the log. This can be exploited by a local attacker with privileged access.
Recommendations
For versions prior to SMR Sep-2023 Release 1, update to the SMR Sep-2023 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the log files to minimize the risk of exploitation.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Locksettings