Lucene search

[email protected]NVD:CVE-2022-20466

HistoryDec 13, 2022 - 4:15 p.m.

CVE-2022-20466

2022-12-1316:15:15

CWE-1188

[email protected]

web.nvd.nist.gov

android

notificationshadewindowcontrollerimpl

informationdisclosure

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

15.8%

JSON

In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user’s password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-179725730

Affected configurations

NVD

Node

googleandroidMatch10.0

googleandroidMatch11.0

googleandroidMatch12.0

googleandroidMatch13.0

References

source.android.com/security/bulletin/2022-12-01

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

15.8%

JSON

Related for NVD:CVE-2022-20466

prion1 cve1 cvelist1 osv1 ics1