Description
In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2023-39680 | In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
References
History
Tue, 29 Oct 2024 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-470 |
Thu, 26 Sep 2024 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Status: PUBLISHED
Assigner: google_android
Published:
Updated: 2024-10-29T17:59:02.103Z
Reserved: 2023-06-15T02:50:31.873Z
Link: CVE-2023-35680
Updated: 2024-08-02T16:30:44.575Z
Status : Modified
Published: 2023-09-11T21:15:42.490
Modified: 2026-06-17T06:04:59.807
Link: CVE-2023-35680
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-470
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
- NVD-CWE-Other
EUVD