First published: Mon Oct 02 2023(Updated: )
In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Credit: security@android.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | ||
Google Android | =11.0 | |
Google Android | =12.0 | |
Google Android | =12.1 | |
Google Android | =13.0 |
https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2023-40137.
The title of the vulnerability is 'In multiple functions of DialogFillUi.java there is a possible way to view another user's images due...'
The severity of CVE-2023-40137 is high.
CVE-2023-40137 can lead to local information disclosure on Google Android.
No, user interaction is not needed for exploitation of CVE-2023-40137.