CVE-2018-9467Incorrect Default Permissions in Google Android

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.1%
top 65.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedNov 20

Description

In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/android5 versions+4
NVDgoogle/android6 versions+5

🔴Vulnerability Details

1
GHSA
GHSA-p69h-9rqf-qr43: In the getHost() function of UriTest2024-11-20

📋Vendor Advisories

1
Android
CVE-2018-9467: Android Security Bulletin 2018-09-01 CVE: CVE-2018-9467 Severity: HIGH Type: EoP Affected AOSP versions: 72018-09-01