CVE-2023-40124

2024-02-1523:15:08

google_android

web.nvd.nist.gov

5443

cve-2023-40124

cross-user read

local information disclosure

nvd

confused deputy

AI Score

Confidence

Low

EPSS

Percentile

9.0%

JSON

In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected configurations

Vulners

Node

googleandroidMatch13

googleandroidMatch12l

googleandroidMatch13

googleandroidMatch12l

googleandroidMatch12

googleandroidMatch13

googleandroidMatch12l

googleandroidMatch12

googleandroidMatch11

VendorProductVersionCPE
googleandroid13cpe:2.3:o:google:android:13:*:*:*:*:*:*:*
googleandroid12lcpe:2.3:o:google:android:12l:*:*:*:*:*:*:*
googleandroid12cpe:2.3:o:google:android:12:*:*:*:*:*:*:*
googleandroid11cpe:2.3:o:google:android:11:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	13	cpe:2.3:o:google:android:13:::::::*
google	android	12l	cpe:2.3:o:google:android:12l:::::::*
google	android	12	cpe:2.3:o:google:android:12:::::::*
google	android	11	cpe:2.3:o:google:android:11:::::::*

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Android",
    "versions": [
      {
        "version": "13",
        "status": "affected"
      },
      {
        "version": "12L",
        "status": "affected"
      },
      {
        "version": "12",
        "status": "affected"
      },
      {
        "version": "11",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]