CVE-2023-20726: Missing Authorization in Google Android

Severity
3.3 LOW (NVD)
EPSS
0.0%
top 94.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 15
Latest update: May 16

Description

In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only).

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4

Affected Packages (4 packages)

NVD: google/android (11.0, 12.0, 13.0, +2)
NVD: openwrt/openwrt (19.07.0, 21.02.0, +1)
NVD: rdkcentral/rdkb (2022q3)
NVD: linuxfoundation/yocto (2.6, 3.3, +1)

🔴 Vulnerability Details

2
GHSA
GHSA-h233-44qc-53wp: In mnld, there is a possible leak of GPS location due to a missing permission check (2023-05-16)
CVEList
CVE-2023-20726: In mnld, there is a possible leak of GPS location due to a missing permission check (2023-05-15)

📋 Vendor Advisories

1
Android
CVE-2023-20726: mnld (2023-05-01)