CVE-2017-13227 — Sensitive Information Exposure in Google Android

3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 82.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android

Timeline

PublishedNov 14

Latest updateNov 15

Description

In the autofill service, the package name that is provided by the app process is trusted inappropriately. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDgoogle/android8.0, 8.1+1

▶googlegoogle/android

Patches

Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-4pcq-7rw3-2jvx: In the autofill service, the package name that is provided by the app process is trusted inappropriately↗2024-11-15

▶

📋Vendor Advisories

Android

CVE-2017-13227: Android Security Bulletin 2018-06-01 CVE: CVE-2017-13227 Severity: HIGH Type: ID Affected AOSP versions: 8↗2018-06-01

▶