OpenCVE

Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Samsung Mobile	Cocktailbarservice

No data.

No data.

References

Link	Providers
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=05

History

No history.

MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published: 2024-05-07T04:28:42.606Z

Updated: 2024-08-01T22:06:36.720Z

Reserved: 2023-12-05T04:57:52.540Z

Link: CVE-2024-20858

Vulnrichment

Updated: 2024-05-07T17:40:32.699Z

NVD

Status : Awaiting Analysis

Published: 2024-05-07T05:15:49.477

Modified: 2024-11-21T08:53:17.427

Link: CVE-2024-20858

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20858", "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "state": "PUBLISHED", "assignerShortName": "SamsungMobile", "dateReserved": "2023-12-05T04:57:52.540Z", "datePublished": "2024-05-07T04:28:42.606Z", "dateUpdated": "2024-08-01T22:06:36.720Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-284: Improper Access Control"}]}], "affected": [{"vendor": "Samsung Mobile", "product": "Samsung Mobile Devices", "versions": [{"status": "unaffected", "version": "SMR May-2024 Release in Android 12, 13, 14"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application."}], "references": [{"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=05"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "providerMetadata": {"orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "SamsungMobile", "dateUpdated": "2024-05-07T04:28:42.606Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20858", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-07T17:38:55.385205Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:samsung_mobile:cocktailbarservice:*:*:*:*:*:*:*:*"], "vendor": "samsung_mobile", "product": "cocktailbarservice", "versions": [{"status": "affected", "version": "0", "lessThan": "SMR May-2024", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:40:39.908Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:06:36.720Z"}, "title": "CVE Program Container", "references": [{"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=05", "tags": ["x_transferred"]}]}]}}