CVE-2023-21442Improper Access Control in Mobile Runestone

CWE-284Improper Access Control3 documents3 sources
Severity
5.5MEDIUMNVD
CNA4.0
EPSS
0.0%
top 85.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile RunestoneSamsung Android
Timeline
PublishedFeb 9

Description

Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDsamsung/android11.0, 12.0+1
CVEListV5samsung_mobile/runestoneunspecified2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12)

🔴Vulnerability Details

2
GHSA
GHSA-j8jm-7c59-6vxq: Improper access control vulnerability in Runestone application prior to version 22023-02-09
CVEList
CVE-2023-21442: Improper access control vulnerability in Runestone application prior to version 22023-02-09
CVE-2023-21442 — Improper Access Control | cvebase