In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-214999128
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/2022-05-01 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2022-05-10 13:15
Updated : 2022-05-16 08:40
NVD link : CVE-2022-20011
Mitre link : CVE-2022-20011
JSON object : View
CWE
CWE-862
Missing Authorization
Products Affected
- android