CVE-2023-20976

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-20976

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-20976.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-20976

Aliases

A-216117246
PUB-A-216117246

Published

2023-03-24T20:15:11.373Z

Modified

2026-03-14T11:58:01.290625Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In getConfirmationMessage of DefaultAutofillPicker.java, there is a possible way to mislead the user to select default autofill application due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-216117246

References

https://source.android.com/security/bulletin/pixel/2023-06-01

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-20976.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.0"
            }
        ]
    }
]