CVE-2023-44093Sensitive Information Exposure in Huawei Emui

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 76.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei EmuiHuawei Harmonyos
Timeline
PublishedOct 11

Description

Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5huawei/emui4 versions+3
NVDhuawei/emui4 versions+3
CVEListV5huawei/harmonyos5 versions+4
NVDhuawei/harmonyos5 versions+4

🔴Vulnerability Details

2
CVEList
CVE-2023-44093: Vulnerability of package names' public keys not being verified in the security module2023-10-11
GHSA
GHSA-967w-wxwg-hhh6: Vulnerability of package names' public keys not being verified in the security module2023-10-11
CVE-2023-44093 — Sensitive Information Exposure | cvebase