In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. This could lead to local information disclosure and account access with no additional execution privileges needed. User interaction is needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 2329.0, "function_hash": "169176292069655878122855008000268506579" }, "id": "ASB-A-158480899-68cea638", "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java", "function": "onCreate" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "194722372101700265113933027358946348038", "337633780999951070242193414303846187679", "15079842726014548851138243531326748064", "193306748501267726017097753385112454086", "261732309958201644374806998203559537423", "322624348022575975775937379496654695890", "164112930468999332678321648180684931039", "105611153269043906405797518722492505644", "83390672687772439929319043483598710601", "77007600275052414961460561812277160611", "197342589679091537503923021044786154859", "214470624376526578907341776361424452746", "274558474868927562459767586533569257747", "242220163937298710475699943125577290287", "171477402060842780823558526916946359170", "256036301696239112985958057171804203128", "82459262427719016983093781069884299259", "26726069422808006701622420997956833370", "279533264680765139203692944979604423897" ] }, "id": "ASB-A-158480899-8644cc34", "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2" ], "spl": "2021-01-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 2329.0, "function_hash": "169176292069655878122855008000268506579" }, "id": "ASB-A-158480899-8a3566ff", "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java", "function": "onCreate" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "194722372101700265113933027358946348038", "337633780999951070242193414303846187679", "15079842726014548851138243531326748064", "193306748501267726017097753385112454086", "261732309958201644374806998203559537423", "322624348022575975775937379496654695890", "164112930468999332678321648180684931039", "105611153269043906405797518722492505644", "83390672687772439929319043483598710601", "77007600275052414961460561812277160611", "197342589679091537503923021044786154859", "214470624376526578907341776361424452746", "274558474868927562459767586533569257747", "242220163937298710475699943125577290287", "171477402060842780823558526916946359170", "256036301696239112985958057171804203128", "82459262427719016983093781069884299259", "26726069422808006701622420997956833370", "279533264680765139203692944979604423897" ] }, "id": "ASB-A-158480899-cd6088f9", "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2" ], "spl": "2021-01-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 2329.0, "function_hash": "169176292069655878122855008000268506579" }, "id": "ASB-A-158480899-0d1f362f", "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java", "function": "onCreate" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "194722372101700265113933027358946348038", "337633780999951070242193414303846187679", "15079842726014548851138243531326748064", "193306748501267726017097753385112454086", "261732309958201644374806998203559537423", "322624348022575975775937379496654695890", "164112930468999332678321648180684931039", "105611153269043906405797518722492505644", "83390672687772439929319043483598710601", "77007600275052414961460561812277160611", "197342589679091537503923021044786154859", "214470624376526578907341776361424452746", "274558474868927562459767586533569257747", "242220163937298710475699943125577290287", "171477402060842780823558526916946359170", "256036301696239112985958057171804203128", "82459262427719016983093781069884299259", "26726069422808006701622420997956833370", "279533264680765139203692944979604423897" ] }, "id": "ASB-A-158480899-46c9fe4f", "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2" ], "spl": "2021-01-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "194722372101700265113933027358946348038", "337633780999951070242193414303846187679", "15079842726014548851138243531326748064", "193306748501267726017097753385112454086", "261732309958201644374806998203559537423", "322624348022575975775937379496654695890", "164112930468999332678321648180684931039", "105611153269043906405797518722492505644", "83390672687772439929319043483598710601", "77007600275052414961460561812277160611", "197342589679091537503923021044786154859", "214470624376526578907341776361424452746", "274558474868927562459767586533569257747", "242220163937298710475699943125577290287", "171477402060842780823558526916946359170", "256036301696239112985958057171804203128", "82459262427719016983093781069884299259", "26726069422808006701622420997956833370", "279533264680765139203692944979604423897" ] }, "id": "ASB-A-158480899-0fe3278e", "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java" }, "signature_type": "Line" }, { "digest": { "length": 2329.0, "function_hash": "169176292069655878122855008000268506579" }, "id": "ASB-A-158480899-78b47e18", "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java", "function": "onCreate" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2" ], "spl": "2021-01-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 2329.0, "function_hash": "169176292069655878122855008000268506579" }, "id": "ASB-A-158480899-3e696453", "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java", "function": "onCreate" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "194722372101700265113933027358946348038", "337633780999951070242193414303846187679", "15079842726014548851138243531326748064", "193306748501267726017097753385112454086", "261732309958201644374806998203559537423", "322624348022575975775937379496654695890", "164112930468999332678321648180684931039", "105611153269043906405797518722492505644", "83390672687772439929319043483598710601", "77007600275052414961460561812277160611", "197342589679091537503923021044786154859", "214470624376526578907341776361424452746", "274558474868927562459767586533569257747", "242220163937298710475699943125577290287", "171477402060842780823558526916946359170", "256036301696239112985958057171804203128", "82459262427719016983093781069884299259", "26726069422808006701622420997956833370", "279533264680765139203692944979604423897" ] }, "id": "ASB-A-158480899-72c2e43b", "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2" ], "spl": "2021-01-01", "severity": "High", "types": [ "ID" ] }