CVE-2023-21387Log File Information Exposure in Google Android

CWE-532Log File Information Exposure2 documents2 sources
Severity
4.4MEDIUMNVD
EPSS
0.0%
top 99.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Android
Timeline
PublishedOct 30

Description

In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

NVDgoogle/android< 14.0
CVEListV5google/android14

🔴Vulnerability Details

1
GHSA
GHSA-3r8q-7c9h-rfp6: In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure2023-10-30