CVE-2023-20929 — Sensitive Information Exposure in Google Android

29 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 88.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Packages Modules Connectivity Google Android

Timeline

PublishedMar 24

Description

In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a possible way to learn nearby BT MAC addresses due to an unrestricted broadcast intent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-234442700

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5google/androidAndroid-13

▶NVDgoogle/android13.0

▶Androidplatform/packages_modules_connectivity13-next:0 — 13-next:2023-03-01+1

Patches

Patch: source.android.com ↗Patch: source.android.com ↗

🔴Vulnerability Details

GHSA

GHSA-848g-h6v9-26j6: In sendHalfSheetCancelBroadcast of HalfSheetActivity↗2023-03-24

▶

CVEList

CVE-2023-20929: In sendHalfSheetCancelBroadcast of HalfSheetActivity↗2023-03-24

▶

OSV

CVE-2023-20929: In sendHalfSheetCancelBroadcast of HalfSheetActivity↗2023-03-01

▶

📋Vendor Advisories

Android

CVE-2023-20929: Android Security Bulletin 2023-03-01 CVE: CVE-2023-20929 Severity: HIGH Type: ID Affected AOSP versions: 13 References: A-234442700↗2023-03-01

▶

🕵️Threat Intelligence

Crowdstrike

CrowdStrike Named a Leader with “Exceptional” MDR Service: 2023 Forrester Wave for MDR↗

▶

Crowdstrike

November Patch Tuesday 2023: Updates and Analysis↗

▶

Crowdstrike

January 2023 Patch Tuesday: Updates and Analysis↗

▶