CVE-2023-40076

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Android (affected versions not specified)

Description The issue is related to the createPendingIntent function in CredentialManagerUi.java, which lacks protection of service data. This could allow an attacker to access credentials from other users due to a permissions bypass, leading to local escalation of privilege without needing additional execution privileges. User interaction is not required for exploitation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Incorrect Default Permissions

Information Disclosure

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-276CWE-200CWE-266

Related Identifiers

ASB-A-303835719

BDU:2023-08585

CVE-2023-40076

Affected Products

Android

CVE-2023-40076

Weakness Enumeration

Related Identifiers

Affected Products

References · 12