In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228178437
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://source.android.com/security/bulletin/2022-08-01 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: google_android
Published: 2022-08-09T20:22:32
Updated: 2024-08-03T02:10:44.617Z
Reserved: 2021-10-14T00:00:00
Link: CVE-2022-20350
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-08-10T20:15:26.690
Modified: 2022-08-12T07:02:44.967
Link: CVE-2022-20350
Redhat
No data.