CVE-2022-4903

Source
https://cve.org/CVERecord?id=CVE-2022-4903
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4903.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-4903
Aliases
Published
2023-02-10T14:31:04.394Z
Modified
2026-07-09T06:37:11.235795Z
Severity
  • 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
Summary
CodenameOne implicit intent for sensitive communication
Details

A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 7.0.71 is able to address this issue. The patch is identified as dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/4xxx/CVE-2022-4903.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-927"
    ]
}
References

Affected packages

Git / github.com/codenameone/codenameone

Affected ranges

Type
GIT
Repo
https://github.com/codenameone/codenameone
Events
Database specific
{
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:codenameone:codename_one:7.0.70:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "7.0.70"
        },
        {
            "last_affected": "7.0.70"
        }
    ]
}

Affected versions

7.*
7.0.70

Database specific

vanir_signatures_modified
"2026-07-09T06:37:11Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4903.json"
vanir_signatures
[
    {
        "id": "CVE-2022-4903-04c92d7a",
        "digest": {
            "function_hash": "36877344019497821276300768048964651978",
            "length": 879.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "function": "run",
            "file": "Ports/Android/src/com/codename1/location/AndroidLocationPlayServiceManager.java"
        }
    },
    {
        "id": "CVE-2022-4903-0716dbfb",
        "digest": {
            "function_hash": "130130732939266347534117978885108506015",
            "length": 1078.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "function": "run",
            "file": "Ports/Android/src/com/codename1/location/AndroidLocationPlayServiceManager.java"
        }
    },
    {
        "id": "CVE-2022-4903-0938d6e4",
        "digest": {
            "function_hash": "141853281273280568049838748040451287883",
            "length": 1062.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "function": "notifyStatusBar",
            "file": "Ports/Android/src/com/codename1/impl/android/AndroidImplementation.java"
        }
    },
    {
        "id": "CVE-2022-4903-0ff71b35",
        "digest": {
            "function_hash": "40582816749165746063443949308725673747",
            "length": 2407.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "function": "scheduleLocalNotification",
            "file": "Ports/Android/src/com/codename1/impl/android/AndroidImplementation.java"
        }
    },
    {
        "id": "CVE-2022-4903-170013e9",
        "digest": {
            "line_hashes": [
                "164383335680271862189052334411367637242",
                "102055033940448787036655859903548064545",
                "63243485157875907660030023012884822696",
                "106761060958209900373462404642177258755",
                "10113950019849684765760217422323150098",
                "275785804413402371230754920054551119772",
                "320129139544161309736766953538928232309",
                "272558563703898223664654114172023946592",
                "74088016622943098573868349895200156947",
                "26580049680296824070129861441232367227"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "file": "Ports/Android/src/com/codename1/media/BackgroundAudioService.java"
        }
    },
    {
        "id": "CVE-2022-4903-4fb95fb9",
        "digest": {
            "line_hashes": [
                "259290748101794072823375624216890288795",
                "289003075427530827593995795811192515002",
                "310827738348986216529645505376499451011",
                "86280687402070831139637403932726385725",
                "230849698440083062383142960093367931332",
                "313800987364285487342443215058410615061",
                "84799492396721204751830042844211875949",
                "134244789773590190782507225119925728403"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "file": "Ports/Android/src/com/codename1/impl/android/CodenameOneActivity.java"
        }
    },
    {
        "id": "CVE-2022-4903-529e974c",
        "digest": {
            "function_hash": "163157470996203401087757317688934383185",
            "length": 246.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "function": "stopReceivingPush",
            "file": "Ports/Android/src/com/codename1/impl/android/CodenameOneActivity.java"
        }
    },
    {
        "id": "CVE-2022-4903-5550eef6",
        "digest": {
            "function_hash": "281723095631036592059112393436365796011",
            "length": 526.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "function": "run",
            "file": "Ports/Android/src/com/codename1/location/AndroidLocationPlayServiceManager.java"
        }
    },
    {
        "id": "CVE-2022-4903-6ee3f183",
        "digest": {
            "line_hashes": [
                "223200637148117986365418397985229517582",
                "336939427200873227030258560499068583864",
                "152618386071270428338417025187727247451",
                "59358446324760344143529548601806915329",
                "126743955298698547876781658656742818934",
                "34261951101805170599165847783578090579",
                "140249256418319365020343215517270240622",
                "129834863271204692091586073209922459170",
                "118766260746933006250467344718549752882",
                "31415172167041481124800959431767478884",
                "304437844949055646292098986200185772384",
                "226255390839630967016271271152522680673",
                "141624593412895526813208532086282973067",
                "246946897683082054933707658930260122642",
                "122650517821646358920745219006168313790",
                "168798622431680454833951511376492627100",
                "35078118027897162284848684330597652187",
                "27723480311612934888879019142492789337",
                "256719378958012786553960559413740323558",
                "152618386071270428338417025187727247451",
                "42171477656584927571485038043538724653",
                "81182720712218589490609771634382760331",
                "123896730502091583238149949779651983240",
                "237501483700683248868986447570231344600",
                "5844059637552274734187748516675470009",
                "13759561847079725006743695514966038852",
                "62186865839158448342338834711435552481",
                "51297572599760427093797109995651911579",
                "167115802307676030222376214909789266789",
                "296642811201513188515219952136216827039",
                "232030520512403846645517675754845822223",
                "194141173064716007403423481055334763346",
                "122650517821646358920745219006168313790",
                "168798622431680454833951511376492627100",
                "35078118027897162284848684330597652187"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "file": "Ports/Android/src/com/codename1/location/AndroidLocationPlayServiceManager.java"
        }
    },
    {
        "id": "CVE-2022-4903-74b1d573",
        "digest": {
            "function_hash": "142171598231807857693892608666856286744",
            "length": 301.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/codenameone/codenameone/commit/9a94e2c04c0043db5650a005e23bfbfcaa51a47a",
        "deprecated": false,
        "target": {
            "function": "getBroadcastPendingIntent",
            "file": "Ports/Android/src/com/codename1/impl/android/AndroidImplementation.java"
        }
    },
    {
        "id": "CVE-2022-4903-8c4c5a23",
        "digest": {
            "function_hash": "111743325725105510710821781205958616477",
            "length": 294.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "function": "registerForPush",
            "file": "Ports/Android/src/com/codename1/impl/android/CodenameOneActivity.java"
        }
    },
    {
        "id": "CVE-2022-4903-9b8b7168",
        "digest": {
            "line_hashes": [
                "147325000548418726510091950039099875213",
                "337515311374095986403739776750901534093",
                "121819974712746291755095591355241007487",
                "41677693772098816928235477470187831941",
                "318053058187930713288698143905809011516",
                "94966864484162224526585258267702314224",
                "245667481129747334579433236072935477564"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "file": "Ports/Android/src/com/codename1/impl/android/PushNotificationService.java"
        }
    },
    {
        "id": "CVE-2022-4903-a8d05980",
        "digest": {
            "line_hashes": [
                "66622099463167929739696230244183883490",
                "215446660358200450221596320963654552119",
                "147251239780022113695084016782853250143",
                "333813441340925350853610663924774016462",
                "27850801660948281434945779191017350258",
                "331602240209189209207023179317339701915",
                "67353696509437057275225637816679011560",
                "263937694771034945432097387768619715275"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/codenameone/codenameone/commit/9a94e2c04c0043db5650a005e23bfbfcaa51a47a",
        "deprecated": false,
        "target": {
            "file": "Ports/Android/src/com/codename1/impl/android/AndroidImplementation.java"
        }
    },
    {
        "id": "CVE-2022-4903-b21dc877",
        "digest": {
            "function_hash": "180490490058289631804626388427933160175",
            "length": 299.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/codenameone/codenameone/commit/9a94e2c04c0043db5650a005e23bfbfcaa51a47a",
        "deprecated": false,
        "target": {
            "function": "getPendingIntent",
            "file": "Ports/Android/src/com/codename1/impl/android/AndroidImplementation.java"
        }
    },
    {
        "id": "CVE-2022-4903-b6e82110",
        "digest": {
            "function_hash": "65372945659953187501475131633629013452",
            "length": 762.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "function": "createBackgroundPendingIntent",
            "file": "Ports/Android/src/com/codename1/location/AndroidLocationPlayServiceManager.java"
        }
    },
    {
        "id": "CVE-2022-4903-bac419f7",
        "digest": {
            "function_hash": "266322968175644875419035017652936781293",
            "length": 1833.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "function": "bindListener",
            "file": "Ports/Android/src/com/codename1/location/AndroidLocationPlayServiceManager.java"
        }
    },
    {
        "id": "CVE-2022-4903-bc3cc432",
        "digest": {
            "function_hash": "317269045506639854454393734069897120250",
            "length": 738.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "function": "push",
            "file": "Ports/Android/src/com/codename1/impl/android/PushNotificationService.java"
        }
    },
    {
        "id": "CVE-2022-4903-cf68d55e",
        "digest": {
            "function_hash": "292424343476406790278347945850814437059",
            "length": 617.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "function": "initMediaSession",
            "file": "Ports/Android/src/com/codename1/media/BackgroundAudioService.java"
        }
    },
    {
        "id": "CVE-2022-4903-cfae6beb",
        "digest": {
            "line_hashes": [
                "295589414188919779705870988553014978959",
                "163261913327268977721868415678261971379",
                "119165971484099704498405067349038335686",
                "20853753207823538052071395569323887816",
                "3481131365512957022566644321640369211",
                "155862126129945531702677471504103931366",
                "148012937468674448644314129434064894267",
                "80140789951384955130263139490041197742",
                "143193875915494457272859550824225132544",
                "74225790975738644538440168350960737720",
                "22636613123700624231494505771994688777",
                "108193378344694797409801823816929132771",
                "152765428082627370855145282698681230078",
                "107720581695982841740589036417100009340",
                "226246665998162788093787129251012068768",
                "7731114312158179473833517925658877506",
                "202736911576791207738586053394763098063",
                "165319244303037094301260174066638242462",
                "299498025450999179167953466220537697651",
                "152823801070448036030854698762726380514",
                "282770386441480019373047690993290401056",
                "143839289131676296855502807447186095837",
                "100019677810596350022328760646623914364",
                "289078666708536547056094226471679877534",
                "157052617262743467658826357951845184508",
                "252800286184698856392914948500036183179",
                "328446358809383225826637063472390456290",
                "303849357483831173717924822818442706542"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "file": "Ports/Android/src/com/codename1/impl/android/AndroidImplementation.java"
        }
    },
    {
        "id": "CVE-2022-4903-dc8ecbf2",
        "digest": {
            "function_hash": "243180564244658640218205111363512677131",
            "length": 1434.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "function": "addActionsToNotification",
            "file": "Ports/Android/src/com/codename1/impl/android/AndroidImplementation.java"
        }
    },
    {
        "id": "CVE-2022-4903-dd123792",
        "digest": {
            "function_hash": "131450302331053466603527981527043112999",
            "length": 1636.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "function": "run",
            "file": "Ports/Android/src/com/codename1/location/AndroidLocationPlayServiceManager.java"
        }
    },
    {
        "id": "CVE-2022-4903-ea708344",
        "digest": {
            "function_hash": "213498008797857880025577497705715360316",
            "length": 1076.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "function": "clearListener",
            "file": "Ports/Android/src/com/codename1/location/AndroidLocationPlayServiceManager.java"
        }
    },
    {
        "id": "CVE-2022-4903-f17a2f93",
        "digest": {
            "function_hash": "14456050024670177320249122779048398618",
            "length": 357.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "function": "cancelLocalNotification",
            "file": "Ports/Android/src/com/codename1/impl/android/AndroidImplementation.java"
        }
    },
    {
        "id": "CVE-2022-4903-f710b04e",
        "digest": {
            "function_hash": "274693962417594367875105713134958280388",
            "length": 909.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
        "deprecated": false,
        "target": {
            "function": "createGeofencePendingIntent",
            "file": "Ports/Android/src/com/codename1/location/AndroidLocationPlayServiceManager.java"
        }
    }
]