CVE-2023-44124Use of Implicit Intent for Sensitive Communication in Electronics LG V60 Thin Q 5G

CWE-927Use of Implicit Intent for Sensitive CommunicationCWE-668Resource Exposure2 documents2 sources
Severity
3.3LOWNVD
EPSS
0.0%
top 94.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LG Electronics LG V60 Thin Q 5GGoogle Android
Timeline
PublishedSep 27

Description

The vulnerability is to theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The Screen recording app saves contents of arbitrary UR

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDgoogle/android12.0, 13.0+1
CVEListV5lg_electronics/lg_v60_thin_q_5gAndroid 12, 13

🔴Vulnerability Details

1
GHSA
GHSA-pw4c-h493-rxm2: The vulnerability is to theft of arbitrary files with system privilege in the Screen recording ("com2023-09-27