PT-2024-18710 · Google+1 · Android 12+3
Dawuge
·
Published
2024-01-04
·
Updated
2024-04-02
·
CVE-2024-20804
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
MyFiles versions prior to SMR Jan-2024 Release 1 in Android 11 and Android 12
MyFiles version 14.5.00.21 in Android 13
Description
The issue allows local attackers to write arbitrary files due to a path traversal vulnerability in the FileUriConverter of MyFiles. This vulnerability enables attackers to potentially access and modify sensitive data.
Recommendations
For MyFiles versions prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, update to a version that includes the SMR Jan-2024 Release 1 or later.
For MyFiles version 14.5.00.21 in Android 13, update to a version later than 14.5.00.21.
As a temporary workaround, consider restricting access to the FileUriConverter to minimize the risk of exploitation.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android 11
Android 12
Android 13
Myfiles