CVE-2022-4903
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-4903
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4903.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-4903
- Aliases
- Published
- 2023-02-10T15:15:11.717Z
- Modified
- 2025-11-20T12:12:13.767746Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 7.0.71 is able to address this issue. The patch is identified as dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability.
- References
Affected packages
Git / github.com/codenameone/codenameone
Affected ranges
- Type
- GIT
- Repo
- https://github.com/codenameone/codenameone
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
7.*
7.0.65
7.0.66
7.0.67
7.0.68
7.0.69
7.0.70
v3.*
v3.5
v3.6
v3.7.3
v3.8.3
v4.*
v4.0
v4.1
v4.2
v4.3
v5.*
v5.0
v6.*
v6.0
v7.*
v7.0
v7.0.13
v7.0.14
v7.0.15
v7.0.16
v7.0.17
v7.0.18
v7.0.19
v7.0.20
v7.0.21
v7.0.22
v7.0.23
v7.0.24
v7.0.25
v7.0.26
v7.0.27
v7.0.28
v7.0.29
v7.0.30
v7.0.31
v7.0.32
v7.0.33
v7.0.34
v7.0.35
v7.0.36
v7.0.37
v7.0.38
v7.0.39
v7.0.40
v7.0.41
v7.0.42
v7.0.43
v7.0.44
v7.0.45
v7.0.46
v7.0.47
v7.0.48
v7.0.49
v7.0.50
v7.0.51
v7.0.52
v7.0.53
v7.0.54
v7.0.55
v7.0.56
v7.0.57
v7.0.58
v7.0.59
v7.0.60
v7.0.61
v7.0.62
v7.0.63
v7.0.64
v7.0.8-b1
Other
version7
Database specific
vanir_signatures
[
{
"target": {
"function": "run",
"file": "Ports/Android/src/com/codename1/location/AndroidLocationPlayServiceManager.java"
},
"digest": {
"length": 879.0,
"function_hash": "36877344019497821276300768048964651978"
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-4903-04c92d7a"
},
{
"target": {
"function": "run",
"file": "Ports/Android/src/com/codename1/location/AndroidLocationPlayServiceManager.java"
},
"digest": {
"length": 1078.0,
"function_hash": "130130732939266347534117978885108506015"
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-4903-0716dbfb"
},
{
"target": {
"function": "notifyStatusBar",
"file": "Ports/Android/src/com/codename1/impl/android/AndroidImplementation.java"
},
"digest": {
"length": 1062.0,
"function_hash": "141853281273280568049838748040451287883"
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-4903-0938d6e4"
},
{
"target": {
"function": "scheduleLocalNotification",
"file": "Ports/Android/src/com/codename1/impl/android/AndroidImplementation.java"
},
"digest": {
"length": 2407.0,
"function_hash": "40582816749165746063443949308725673747"
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-4903-0ff71b35"
},
{
"target": {
"file": "Ports/Android/src/com/codename1/media/BackgroundAudioService.java"
},
"digest": {
"line_hashes": [
"164383335680271862189052334411367637242",
"102055033940448787036655859903548064545",
"63243485157875907660030023012884822696",
"106761060958209900373462404642177258755",
"10113950019849684765760217422323150098",
"275785804413402371230754920054551119772",
"320129139544161309736766953538928232309",
"272558563703898223664654114172023946592",
"74088016622943098573868349895200156947",
"26580049680296824070129861441232367227"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2022-4903-170013e9"
},
{
"target": {
"file": "Ports/Android/src/com/codename1/impl/android/CodenameOneActivity.java"
},
"digest": {
"line_hashes": [
"259290748101794072823375624216890288795",
"289003075427530827593995795811192515002",
"310827738348986216529645505376499451011",
"86280687402070831139637403932726385725",
"230849698440083062383142960093367931332",
"313800987364285487342443215058410615061",
"84799492396721204751830042844211875949",
"134244789773590190782507225119925728403"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2022-4903-4fb95fb9"
},
{
"target": {
"function": "stopReceivingPush",
"file": "Ports/Android/src/com/codename1/impl/android/CodenameOneActivity.java"
},
"digest": {
"length": 246.0,
"function_hash": "163157470996203401087757317688934383185"
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-4903-529e974c"
},
{
"target": {
"function": "run",
"file": "Ports/Android/src/com/codename1/location/AndroidLocationPlayServiceManager.java"
},
"digest": {
"length": 526.0,
"function_hash": "281723095631036592059112393436365796011"
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-4903-5550eef6"
},
{
"target": {
"file": "Ports/Android/src/com/codename1/location/AndroidLocationPlayServiceManager.java"
},
"digest": {
"line_hashes": [
"223200637148117986365418397985229517582",
"336939427200873227030258560499068583864",
"152618386071270428338417025187727247451",
"59358446324760344143529548601806915329",
"126743955298698547876781658656742818934",
"34261951101805170599165847783578090579",
"140249256418319365020343215517270240622",
"129834863271204692091586073209922459170",
"118766260746933006250467344718549752882",
"31415172167041481124800959431767478884",
"304437844949055646292098986200185772384",
"226255390839630967016271271152522680673",
"141624593412895526813208532086282973067",
"246946897683082054933707658930260122642",
"122650517821646358920745219006168313790",
"168798622431680454833951511376492627100",
"35078118027897162284848684330597652187",
"27723480311612934888879019142492789337",
"256719378958012786553960559413740323558",
"152618386071270428338417025187727247451",
"42171477656584927571485038043538724653",
"81182720712218589490609771634382760331",
"123896730502091583238149949779651983240",
"237501483700683248868986447570231344600",
"5844059637552274734187748516675470009",
"13759561847079725006743695514966038852",
"62186865839158448342338834711435552481",
"51297572599760427093797109995651911579",
"167115802307676030222376214909789266789",
"296642811201513188515219952136216827039",
"232030520512403846645517675754845822223",
"194141173064716007403423481055334763346",
"122650517821646358920745219006168313790",
"168798622431680454833951511376492627100",
"35078118027897162284848684330597652187"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2022-4903-6ee3f183"
},
{
"target": {
"function": "getBroadcastPendingIntent",
"file": "Ports/Android/src/com/codename1/impl/android/AndroidImplementation.java"
},
"digest": {
"length": 301.0,
"function_hash": "142171598231807857693892608666856286744"
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/9a94e2c04c0043db5650a005e23bfbfcaa51a47a",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-4903-74b1d573"
},
{
"target": {
"function": "registerForPush",
"file": "Ports/Android/src/com/codename1/impl/android/CodenameOneActivity.java"
},
"digest": {
"length": 294.0,
"function_hash": "111743325725105510710821781205958616477"
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-4903-8c4c5a23"
},
{
"target": {
"file": "Ports/Android/src/com/codename1/impl/android/PushNotificationService.java"
},
"digest": {
"line_hashes": [
"147325000548418726510091950039099875213",
"337515311374095986403739776750901534093",
"121819974712746291755095591355241007487",
"41677693772098816928235477470187831941",
"318053058187930713288698143905809011516",
"94966864484162224526585258267702314224",
"245667481129747334579433236072935477564"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2022-4903-9b8b7168"
},
{
"target": {
"file": "Ports/Android/src/com/codename1/impl/android/AndroidImplementation.java"
},
"digest": {
"line_hashes": [
"66622099463167929739696230244183883490",
"215446660358200450221596320963654552119",
"147251239780022113695084016782853250143",
"333813441340925350853610663924774016462",
"27850801660948281434945779191017350258",
"331602240209189209207023179317339701915",
"67353696509437057275225637816679011560",
"263937694771034945432097387768619715275"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/9a94e2c04c0043db5650a005e23bfbfcaa51a47a",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2022-4903-a8d05980"
},
{
"target": {
"function": "getPendingIntent",
"file": "Ports/Android/src/com/codename1/impl/android/AndroidImplementation.java"
},
"digest": {
"length": 299.0,
"function_hash": "180490490058289631804626388427933160175"
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/9a94e2c04c0043db5650a005e23bfbfcaa51a47a",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-4903-b21dc877"
},
{
"target": {
"function": "createBackgroundPendingIntent",
"file": "Ports/Android/src/com/codename1/location/AndroidLocationPlayServiceManager.java"
},
"digest": {
"length": 762.0,
"function_hash": "65372945659953187501475131633629013452"
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-4903-b6e82110"
},
{
"target": {
"function": "bindListener",
"file": "Ports/Android/src/com/codename1/location/AndroidLocationPlayServiceManager.java"
},
"digest": {
"length": 1833.0,
"function_hash": "266322968175644875419035017652936781293"
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-4903-bac419f7"
},
{
"target": {
"function": "push",
"file": "Ports/Android/src/com/codename1/impl/android/PushNotificationService.java"
},
"digest": {
"length": 738.0,
"function_hash": "317269045506639854454393734069897120250"
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-4903-bc3cc432"
},
{
"target": {
"function": "initMediaSession",
"file": "Ports/Android/src/com/codename1/media/BackgroundAudioService.java"
},
"digest": {
"length": 617.0,
"function_hash": "292424343476406790278347945850814437059"
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-4903-cf68d55e"
},
{
"target": {
"file": "Ports/Android/src/com/codename1/impl/android/AndroidImplementation.java"
},
"digest": {
"line_hashes": [
"295589414188919779705870988553014978959",
"163261913327268977721868415678261971379",
"119165971484099704498405067349038335686",
"20853753207823538052071395569323887816",
"3481131365512957022566644321640369211",
"155862126129945531702677471504103931366",
"148012937468674448644314129434064894267",
"80140789951384955130263139490041197742",
"143193875915494457272859550824225132544",
"74225790975738644538440168350960737720",
"22636613123700624231494505771994688777",
"108193378344694797409801823816929132771",
"152765428082627370855145282698681230078",
"107720581695982841740589036417100009340",
"226246665998162788093787129251012068768",
"7731114312158179473833517925658877506",
"202736911576791207738586053394763098063",
"165319244303037094301260174066638242462",
"299498025450999179167953466220537697651",
"152823801070448036030854698762726380514",
"282770386441480019373047690993290401056",
"143839289131676296855502807447186095837",
"100019677810596350022328760646623914364",
"289078666708536547056094226471679877534",
"157052617262743467658826357951845184508",
"252800286184698856392914948500036183179",
"328446358809383225826637063472390456290",
"303849357483831173717924822818442706542"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2022-4903-cfae6beb"
},
{
"target": {
"function": "addActionsToNotification",
"file": "Ports/Android/src/com/codename1/impl/android/AndroidImplementation.java"
},
"digest": {
"length": 1434.0,
"function_hash": "243180564244658640218205111363512677131"
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-4903-dc8ecbf2"
},
{
"target": {
"function": "run",
"file": "Ports/Android/src/com/codename1/location/AndroidLocationPlayServiceManager.java"
},
"digest": {
"length": 1636.0,
"function_hash": "131450302331053466603527981527043112999"
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-4903-dd123792"
},
{
"target": {
"function": "clearListener",
"file": "Ports/Android/src/com/codename1/location/AndroidLocationPlayServiceManager.java"
},
"digest": {
"length": 1076.0,
"function_hash": "213498008797857880025577497705715360316"
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-4903-ea708344"
},
{
"target": {
"function": "cancelLocalNotification",
"file": "Ports/Android/src/com/codename1/impl/android/AndroidImplementation.java"
},
"digest": {
"length": 357.0,
"function_hash": "14456050024670177320249122779048398618"
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-4903-f17a2f93"
},
{
"target": {
"function": "createGeofencePendingIntent",
"file": "Ports/Android/src/com/codename1/location/AndroidLocationPlayServiceManager.java"
},
"digest": {
"length": 909.0,
"function_hash": "274693962417594367875105713134958280388"
},
"signature_version": "v1",
"source": "https://github.com/codenameone/codenameone/commit/dad49c9ef26a598619fc48d2697151a02987d478",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2022-4903-f710b04e"
}
]