Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2018-20523
HistoryJun 07, 2019 - 4:29 p.m.

CVE-2018-20523

2019-06-0716:29:00
CWE-77
mitre
web.nvd.nist.gov
85
xiaomi
stock browser
redmi
android
content provider
injection
cve-2018-20523
security issue

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.012

Percentile

85.2%

JSON

Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user’s cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request.

Affected configurations

Nvd
Node
mistock_browserMatch10.2.4g
Node
miredmi_7_firmwareMatch-
AND
miredmi_7Match-
Node
miredmi_note_7_firmwareMatch-
AND
miredmi_note_7Match-
Node
miredmi_note_6_pro_firmwareMatch-
AND
miredmi_note_6_proMatch-
Node
miredmi_6_firmwareMatch-
AND
miredmi_6Match-
Node
miredmi_6a_firmwareMatch-
AND
miredmi_6aMatch-
Node
miredmi_s2_firmwareMatch-
AND
miredmi_s2Match-
Node
miredmi_note_5_pro_firmwareMatch-
AND
miredmi_note_5_proMatch-
Node
miredmi_k20_pro_firmwareMatch-
AND
miredmi_k20_proMatch-
Node
miredmi_k20_firmwareMatch-
AND
miredmi_k20Match-
Node
miredmi_7a_firmwareMatch-
AND
miredmi_7aMatch-
Node
miredmi_go_firmwareMatch-
AND
miredmi_goMatch-
Node
miredmi_note_5_firmwareMatch-
AND
miredmi_note_5Match-
Node
miredmi_y3_firmwareMatch-
AND
miredmi_y3Match-
Node
miredmi_note_7s_firmwareMatch-
AND
miredmi_note_7sMatch-
Node
miredmi_s2_firmwareMatch-
AND
miredmi_s2Match-
Node
miredmi_4a_firmwareMatch-
AND
miredmi_4aMatch-
Node
miredmi_note_4_firmwareMatch-
AND
miredmi_note_4Match-
Node
miredmi_5_plus_firmwareMatch-
AND
miredmi_5_plusMatch-
Node
miredmi_note_5a_prime_firmwareMatch-
AND
miredmi_note_5a_primeMatch-
VendorProductVersionCPE
mistock_browser10.2.4gcpe:2.3:a:mi:stock_browser:10.2.4g:*:*:*:*:*:*:*
miredmi_7_firmware-cpe:2.3:o:mi:redmi_7_firmware:-:*:*:*:*:*:*:*
miredmi_7-cpe:2.3:h:mi:redmi_7:-:*:*:*:*:*:*:*
miredmi_note_7_firmware-cpe:2.3:o:mi:redmi_note_7_firmware:-:*:*:*:*:*:*:*
miredmi_note_7-cpe:2.3:h:mi:redmi_note_7:-:*:*:*:*:*:*:*
miredmi_note_6_pro_firmware-cpe:2.3:o:mi:redmi_note_6_pro_firmware:-:*:*:*:*:*:*:*
miredmi_note_6_pro-cpe:2.3:h:mi:redmi_note_6_pro:-:*:*:*:*:*:*:*
miredmi_6_firmware-cpe:2.3:o:mi:redmi_6_firmware:-:*:*:*:*:*:*:*
miredmi_6-cpe:2.3:h:mi:redmi_6:-:*:*:*:*:*:*:*
miredmi_6a_firmware-cpe:2.3:o:mi:redmi_6a_firmware:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 371

Related

exploitdb 1
cvelist 1
prion 1
nvd 1
packetstorm 1
zdt 1
exploitdb
exploitdb
Xiaomi browser 10.2.4.g - Browser Search History Disclosure
2021-08-10 00:00:00
cvelist
cvelist
CVE-2018-20523
2019-06-07 15:36:55
prion
prion
Design/Logic Flaw
2019-06-07 16:29:00
nvd
nvd
CVE-2018-20523
2019-06-07 16:29:00
packetstorm
packetstorm
Xiaomi 10.2.4.g Information Disclosure
2021-08-12 00:00:00
zdt
zdt
Xiaomi browser 10.2.4.g - Browser Search History Disclosure Vulnerability
2021-08-10 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.012

Percentile

85.2%

JSON
Related for CVE-2018-20523
exploitdb1cvelist1prion1nvd1packetstorm1zdt1