{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-12T17:06:16.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://sec.xiaomi.com"}, {"tags": ["x_refsource_MISC"], "url": "https://vishwarajbhattrai.wordpress.com/2019/03/22/content-provider-injection-in-xiaomi-stock-browser"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/163796/Xiaomi-10.2.4.g-Information-Disclosure.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20523", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://sec.xiaomi.com", "refsource": "MISC", "url": "https://sec.xiaomi.com"}, {"name": "https://vishwarajbhattrai.wordpress.com/2019/03/22/content-provider-injection-in-xiaomi-stock-browser", "refsource": "MISC", "url": "https://vishwarajbhattrai.wordpress.com/2019/03/22/content-provider-injection-in-xiaomi-stock-browser"}, {"name": "http://packetstormsecurity.com/files/163796/Xiaomi-10.2.4.g-Information-Disclosure.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/163796/Xiaomi-10.2.4.g-Information-Disclosure.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:05:17.321Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sec.xiaomi.com"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://vishwarajbhattrai.wordpress.com/2019/03/22/content-provider-injection-in-xiaomi-stock-browser"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/163796/Xiaomi-10.2.4.g-Information-Disclosure.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20523", "datePublished": "2019-06-07T15:36:55.000Z", "dateReserved": "2018-12-27T00:00:00.000Z", "dateUpdated": "2024-08-05T12:05:17.321Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mi:stock_browser:10.2.4g:*:*:*:*:*:*:*", "matchCriteriaId": "A0DC836E-A962-4696-B765-9DAB9B8D2309", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_7_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8288623-A43F-46F6-9B59-BBCFEC0AC565", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_7:-:*:*:*:*:*:*:*", "matchCriteriaId": "C86BB5D5-B558-454D-AA19-90BDD0DD7EC0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_note_7_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B0A059E-F85B-4881-B871-774FD04FF352", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_note_7:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63A02BC-7DB7-4B66-8FAC-CDAB57E54F48", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_note_6_pro_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EECA2BF3-67CD-464F-825F-C592D35371D1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_note_6_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "55301EB8-B8CB-4751-914E-90215167CC85", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_6_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8382ABD-1001-46EF-8DF8-1A4B592AEA0A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_6:-:*:*:*:*:*:*:*", "matchCriteriaId": "8693971A-0952-486D-B4A7-31F28F8D2499", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_6a_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B132ECA-99BD-45B9-8BC1-45D1C4157C9B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_6a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3235BB2B-2C1C-471B-84FE-7635E576D841", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_s2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BB77822-1E9A-425D-90F5-321073D424B0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_s2:-:*:*:*:*:*:*:*", "matchCriteriaId": "860F1BE9-BC38-4D9D-A0C4-DD6FADB0A419", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_note_5_pro_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A08FAE6A-A912-47E2-B52C-2285D0004DF1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_note_5_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD6D1DED-3D08-453C-ABDC-98592FCEA554", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_k20_pro_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "125A8634-664D-4B27-A9CE-BACC83C26660", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_k20_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B2AE104-2650-464E-B8DC-3102EB918216", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_k20_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "72625F6B-126A-45A9-81CA-B55CA82CF857", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_k20:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F7002DB-5EB8-428C-AEFF-4C6EE3724F74", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_7a_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9452287A-AAF7-4F99-A61C-1F805D1E1718", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_7a:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5835E6A-8895-4A9E-9ACC-AA9A0B910A41", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_go_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "42E47022-5D30-4820-BFA4-C62D79B9DC4C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_go:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD6FE0F2-9D6B-402F-B51C-A397EE487A76", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_note_5_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E692DE1B-5C04-4560-9115-978DED863525", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_note_5:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9D5643A-363C-4F44-898C-B2E439A0A498", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_y3_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7F063F6-32F9-45D1-A71F-7B62DEBDD0DA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_y3:-:*:*:*:*:*:*:*", "matchCriteriaId": "31B37973-86E1-4A71-B1EE-350D49A19EF2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_note_7s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9AC0B996-7930-4812-B2D3-C2C3334EE76A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_note_7s:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E7B4FA0-55EC-4C3C-8DC7-2C50852F2E50", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_s2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BB77822-1E9A-425D-90F5-321073D424B0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_s2:-:*:*:*:*:*:*:*", "matchCriteriaId": "860F1BE9-BC38-4D9D-A0C4-DD6FADB0A419", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_4a_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CAC196F-B4AD-4CBA-AC87-5C9FBBD9B9BF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_4a:-:*:*:*:*:*:*:*", "matchCriteriaId": "60C89EAF-C0BB-4A4A-953E-66A4A7164C57", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_note_4_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F485578A-F35B-470B-A94C-F641BE4F3F7B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_note_4:-:*:*:*:*:*:*:*", "matchCriteriaId": "6CA7C241-4382-4C31-A03D-3DBD86A9BE73", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_5_plus_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E0F1E18-5D74-4730-ADE4-AE4E4B07B373", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_5_plus:-:*:*:*:*:*:*:*", "matchCriteriaId": "76773FBD-9BFC-4B92-9782-138A72143A08", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mi:redmi_note_5a_prime_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E64584F-0051-49DE-8FA8-6C06A37C3447", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mi:redmi_note_5a_prime:-:*:*:*:*:*:*:*", "matchCriteriaId": "24EB39E3-DC22-43FD-8435-47958DBD6B4D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request."}, {"lang": "es", "value": "Xiaomi stock Browser versi\u00f3n 10.2.4.g en dispositivos Xiaomi Redmi Note 5 Pro y otros tel\u00e9fonos Redmi Android, permite inyecci\u00f3n en el proveedor de contenido. En otras palabras, una aplicaci\u00f3n de terceros puede leer el historial del explorador del usuario en texto sin cifrar mediante una petici\u00f3n app.provider.query content://com.android.browser.searchhistory/searchhistory."}], "id": "CVE-2018-20523", "lastModified": "2024-11-21T04:01:39.083", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-07T16:29:00.440", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/163796/Xiaomi-10.2.4.g-Information-Disclosure.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://sec.xiaomi.com"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://vishwarajbhattrai.wordpress.com/2019/03/22/content-provider-injection-in-xiaomi-stock-browser"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/163796/Xiaomi-10.2.4.g-Information-Disclosure.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://sec.xiaomi.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://vishwarajbhattrai.wordpress.com/2019/03/22/content-provider-injection-in-xiaomi-stock-browser"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}