ASB-A-158480899

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-158480899.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-158480899
Aliases
  • A-158480899
  • CVE-2021-0309
Published
2021-01-01T00:00:00Z
Modified
2024-08-07T19:29:36.673409Z
Summary
GrantCredentialsPermissionActivity allows cross-user, cross-app account grant/deny
Details

In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. This could lead to local information disclosure and account access with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0:0
Fixed
8.0:2021-01-01

Affected versions

8.*

8.0

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2329.0,
                "function_hash": "169176292069655878122855008000268506579"
            },
            "id": "ASB-A-158480899-68cea638",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "194722372101700265113933027358946348038",
                    "337633780999951070242193414303846187679",
                    "15079842726014548851138243531326748064",
                    "193306748501267726017097753385112454086",
                    "261732309958201644374806998203559537423",
                    "322624348022575975775937379496654695890",
                    "164112930468999332678321648180684931039",
                    "105611153269043906405797518722492505644",
                    "83390672687772439929319043483598710601",
                    "77007600275052414961460561812277160611",
                    "197342589679091537503923021044786154859",
                    "214470624376526578907341776361424452746",
                    "274558474868927562459767586533569257747",
                    "242220163937298710475699943125577290287",
                    "171477402060842780823558526916946359170",
                    "256036301696239112985958057171804203128",
                    "82459262427719016983093781069884299259",
                    "26726069422808006701622420997956833370",
                    "279533264680765139203692944979604423897"
                ]
            },
            "id": "ASB-A-158480899-8644cc34",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2"
    ],
    "spl": "2021-01-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.1:0
Fixed
8.1:2021-01-01

Affected versions

8.*

8.1

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2329.0,
                "function_hash": "169176292069655878122855008000268506579"
            },
            "id": "ASB-A-158480899-8a3566ff",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "194722372101700265113933027358946348038",
                    "337633780999951070242193414303846187679",
                    "15079842726014548851138243531326748064",
                    "193306748501267726017097753385112454086",
                    "261732309958201644374806998203559537423",
                    "322624348022575975775937379496654695890",
                    "164112930468999332678321648180684931039",
                    "105611153269043906405797518722492505644",
                    "83390672687772439929319043483598710601",
                    "77007600275052414961460561812277160611",
                    "197342589679091537503923021044786154859",
                    "214470624376526578907341776361424452746",
                    "274558474868927562459767586533569257747",
                    "242220163937298710475699943125577290287",
                    "171477402060842780823558526916946359170",
                    "256036301696239112985958057171804203128",
                    "82459262427719016983093781069884299259",
                    "26726069422808006701622420997956833370",
                    "279533264680765139203692944979604423897"
                ]
            },
            "id": "ASB-A-158480899-cd6088f9",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2"
    ],
    "spl": "2021-01-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2021-01-01

Affected versions

Other

9

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2329.0,
                "function_hash": "169176292069655878122855008000268506579"
            },
            "id": "ASB-A-158480899-0d1f362f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "194722372101700265113933027358946348038",
                    "337633780999951070242193414303846187679",
                    "15079842726014548851138243531326748064",
                    "193306748501267726017097753385112454086",
                    "261732309958201644374806998203559537423",
                    "322624348022575975775937379496654695890",
                    "164112930468999332678321648180684931039",
                    "105611153269043906405797518722492505644",
                    "83390672687772439929319043483598710601",
                    "77007600275052414961460561812277160611",
                    "197342589679091537503923021044786154859",
                    "214470624376526578907341776361424452746",
                    "274558474868927562459767586533569257747",
                    "242220163937298710475699943125577290287",
                    "171477402060842780823558526916946359170",
                    "256036301696239112985958057171804203128",
                    "82459262427719016983093781069884299259",
                    "26726069422808006701622420997956833370",
                    "279533264680765139203692944979604423897"
                ]
            },
            "id": "ASB-A-158480899-46c9fe4f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2"
    ],
    "spl": "2021-01-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-01-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "194722372101700265113933027358946348038",
                    "337633780999951070242193414303846187679",
                    "15079842726014548851138243531326748064",
                    "193306748501267726017097753385112454086",
                    "261732309958201644374806998203559537423",
                    "322624348022575975775937379496654695890",
                    "164112930468999332678321648180684931039",
                    "105611153269043906405797518722492505644",
                    "83390672687772439929319043483598710601",
                    "77007600275052414961460561812277160611",
                    "197342589679091537503923021044786154859",
                    "214470624376526578907341776361424452746",
                    "274558474868927562459767586533569257747",
                    "242220163937298710475699943125577290287",
                    "171477402060842780823558526916946359170",
                    "256036301696239112985958057171804203128",
                    "82459262427719016983093781069884299259",
                    "26726069422808006701622420997956833370",
                    "279533264680765139203692944979604423897"
                ]
            },
            "id": "ASB-A-158480899-0fe3278e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2329.0,
                "function_hash": "169176292069655878122855008000268506579"
            },
            "id": "ASB-A-158480899-78b47e18",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2"
    ],
    "spl": "2021-01-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-01-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2329.0,
                "function_hash": "169176292069655878122855008000268506579"
            },
            "id": "ASB-A-158480899-3e696453",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "194722372101700265113933027358946348038",
                    "337633780999951070242193414303846187679",
                    "15079842726014548851138243531326748064",
                    "193306748501267726017097753385112454086",
                    "261732309958201644374806998203559537423",
                    "322624348022575975775937379496654695890",
                    "164112930468999332678321648180684931039",
                    "105611153269043906405797518722492505644",
                    "83390672687772439929319043483598710601",
                    "77007600275052414961460561812277160611",
                    "197342589679091537503923021044786154859",
                    "214470624376526578907341776361424452746",
                    "274558474868927562459767586533569257747",
                    "242220163937298710475699943125577290287",
                    "171477402060842780823558526916946359170",
                    "256036301696239112985958057171804203128",
                    "82459262427719016983093781069884299259",
                    "26726069422808006701622420997956833370",
                    "279533264680765139203692944979604423897"
                ]
            },
            "id": "ASB-A-158480899-72c2e43b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/accounts/GrantCredentialsPermissionActivity.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/0b610a27ba60047842b9416dd0537c68f0dd22b2"
    ],
    "spl": "2021-01-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}