CVE-2022-20520 — UI Misrepresentation / Clickjacking in Google Android

CWE-1021 — UI Misrepresentation / Clickjacking CWE-102 — Struts: Duplicate Validation Forms3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 78.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Packages Apps STK Google Android

Timeline

PublishedDec 16

Latest updateDec 20

Description

In onCreate of various files, there is a possible tapjacking/overlay attack. This could lead to local escalation of privilege or denial of server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227203202

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5google/androidAndroid-13

▶NVDgoogle/android13.0

▶Androidplatform/packages_apps_stk13:0 — 13:2022-12-01

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-5g7j-9r76-23cc: In onCreate of various files, there is a possible tapjacking/overlay attack↗2022-12-20

▶

OSV

CVE-2022-20520: In onCreate of various files, there is a possible tapjacking/overlay attack↗2022-12-01

▶