CVE-2020-0023 - CERT CVE
ID CVE-2020-0023
Sažetak In setPhonebookAccessPermission of AdapterService.java, there is a possible disclosure of user contacts over bluetooth due to a missing permission check. This could lead to local information disclosure if a malicious app enables contacts over a bluetooth connection, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145130871
Reference
CVSS
Base: 4.7
Impact: 6.9
Exploitability:3.4
Pristup
VektorSloženostAutentikacija
LOCAL MEDIUM NONE
Impact
PovjerljivostCjelovitostDostupnost
COMPLETE NONE NONE
CVSS vektor AV:L/AC:M/Au:N/C:C/I:N/A:N
Zadnje važnije ažuriranje 21-07-2021 - 11:39
Objavljeno 13-02-2020 - 15:15