CVE-2023-33188

CVSS v3.1

6.3

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions Omni-notes versions prior to 6.2.7

Description The Omni-notes Android app has an issue with insufficient path validation when displaying note details received through an externally-provided intent. This allows malicious applications on the same device to force Omni-notes to copy files from its internal storage to the external storage directory, making them accessible to any component with permission to read the external storage.

Recommendations Update to version 6.2.7 of Omni-notes Android to fix the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-441CWE-610

Related Identifiers

CVE-2023-33188

GHSA-G38R-4CF6-3V32

Affected Products

Omni-Notes

CVE-2023-33188

Weakness Enumeration

Related Identifiers

Affected Products

References · 4