ASB-A-303871379

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-303871379.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-303871379
Aliases
  • A-303871379
  • CVE-2024-0052
Published
2024-03-01T00:00:00Z
Modified
2024-08-07T19:29:41.483356Z
Summary
Privacy Issue: Platform Health Connect
Details

In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/modules/HealthFitness

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2024-03-01

Affected versions

Other

14-next

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/0e063a0f28fff69e97beb88f388c289868040f54"
    ],
    "spl": "2024-03-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/packages/modules/HealthFitness

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2024-03-01

Affected versions

Other

14

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "303397910970066705896491300944181946482",
                    "107077137157228741257530891295972398390",
                    "255519706190375472030313648668539826357",
                    "189132526608684497251116704625378001065",
                    "281492569866441411632087628868213069251",
                    "294820583194145437124690788142919088377",
                    "156663210949067441502865218309804169029",
                    "53179007912776764888647941729736017216",
                    "200731722973408927217065866298300453506",
                    "302152118199208000225373328115342342576",
                    "30738369206559785790232722560622590233",
                    "51015779955444135986342672355561960235",
                    "98746580527231370175012943851094704963",
                    "161511247687839254016800474012408059856",
                    "296709997152946268295237337224672578530",
                    "326638621028445559715170000516814952830",
                    "272036735068376858103351293106501102177",
                    "245417023728754938206837584092589112954",
                    "333452105562182564437815523145894130694",
                    "164782816622370270512480559658814585331",
                    "195281663912556875979062488503937872127",
                    "218128015004106724921233984986615229464",
                    "51739894621726243908042174272835789979",
                    "120889771494974528208766248083828502586",
                    "129664160014023199976294285405804827373",
                    "186662240011936204860880093132730583956",
                    "76658740795350931991858143714776811768",
                    "300087360388233962037417386027070455263",
                    "37624612028320611871128132129089115222",
                    "74937696441474105036399087037581923048",
                    "51571010833889619433296549463567737992",
                    "313711559079278452221147010102641314583",
                    "103280463448448907621613706343906574061",
                    "88608294677670291364421457773357202929",
                    "293840213456862632469158131553547558402",
                    "121564410619072817147228023091023237914"
                ]
            },
            "id": "ASB-A-303871379-08d66c85",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/ExerciseSessionRecordHelper.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "115773042374397725304054136865838307720",
                    "43016498966660277235977443447744648400",
                    "300858253448028045561033847365583665767",
                    "161013414089286661090945709035473165407",
                    "313186801087517929987222617281508692037",
                    "221294796177690677149985420788888161539",
                    "251592861531084697856671027394619778721",
                    "305776141530431493684491295942136334852",
                    "111048422099117603262734946830536935433",
                    "297098700792149737523976802317347369628",
                    "257315901175972132872290986055947977858",
                    "209568428495451751262955975890599809213",
                    "85394869002054256644937347747261106324",
                    "5705443573018726295169318340970875110",
                    "291352356509444640429537529900338080972"
                ]
            },
            "id": "ASB-A-303871379-11c43bc8",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/RecordHelper.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 418.0,
                "function_hash": "114894399810740158583994061373834807549"
            },
            "id": "ASB-A-303871379-11cdf29a",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/ExerciseSessionRecordHelper.java",
                "function": "getExtraDataReadRequests"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 4000.0,
                "function_hash": "30724966431946414589281216019393003224"
            },
            "id": "ASB-A-303871379-195275a2",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java",
                "function": "readRecords"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "307607149100168818667515056801092756172",
                    "239466008602587192012674704577849084739",
                    "245607463741466935590695696572161162666",
                    "254624107689754141862009810848411608136",
                    "192817275534771030063274524070420943454",
                    "336425509797542122420574727241735153700",
                    "251694526878090107601285900634626848525",
                    "18711381487436966386608229602984500334",
                    "108509882596538886408848950389286844566",
                    "148065690112658882141098821116934810399",
                    "213122466022310564199251675800567937229",
                    "251285000472269530802403331456969571645",
                    "298568479426656644954053383038354866968",
                    "83331934757146308473251065867058240087",
                    "307677713301336964578669165266061567854",
                    "38794395735819664722480248813227951313",
                    "145394457726406417558424942368140586319",
                    "61703870535056326136588237900867942991",
                    "185407886430890193971359182928727458741",
                    "4010821281863657499048334857443271515",
                    "154330324999705213193693513973179947968",
                    "35192062047302338584823327038497294730",
                    "195316288831050560786172945036340881620",
                    "43783905364404553803632750918508912660",
                    "221237909218743271600722051664461021631",
                    "18908953371903311735053000597217457195",
                    "205776496907725795965535780692936532567",
                    "263564158920384822925409691874439321999",
                    "293233436011099509766860485539146291279",
                    "218866428073236990774446973102680060606",
                    "292545821377025716769705874806276700318",
                    "131400259806753851958877759995334827118",
                    "38634938285517710856421064475413379098",
                    "336037305330910713069739705303735934256",
                    "312251918841610012539820506614233138776",
                    "282562684190912147301273755786029494478",
                    "310489386291213959059819318860429557165",
                    "131507795254000364886554575551653944106",
                    "170144050462488967232490380044869922287",
                    "243777524924001702719701594121654908477",
                    "293709024606437967596678612613012782555",
                    "328401038647635588621330362426562890597",
                    "50103496386179712801431527511428037709",
                    "58668015756155034569747034584444257500",
                    "89905772886014332803626048520676240455",
                    "301542558951637891334112236661693042633"
                ]
            },
            "id": "ASB-A-303871379-44a77ebf",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "216622662008624389962562292455637054130",
                    "144778414150245928660397262736564329566",
                    "171871336850382938845512613681543935068",
                    "310021049344923917852325132257722639648",
                    "339512495903744524946367240936352667878",
                    "179056564528285989694529957854448118587",
                    "2103457581055546526476563375661324742",
                    "108381999467508526470239385215239152788",
                    "138033502511064400626725096753448118863",
                    "37616110184084569528383645762994566275",
                    "128570348222707372793397728255858383852",
                    "197713465465816649153767596273200854182"
                ]
            },
            "id": "ASB-A-303871379-44f5a964",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "tests/cts/hostsidetests/healthconnect/libs/HealthConnectTestLib/src/android/healthconnect/cts/lib/TestUtils.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 84.0,
                "function_hash": "55633498020479226693549024660886861785"
            },
            "id": "ASB-A-303871379-681a27de",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/RecordHelper.java",
                "function": "getExtraDataReadRequests"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 261.0,
                "function_hash": "337090286334532094340003832202207077518"
            },
            "id": "ASB-A-303871379-7b1f4caa",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/healthconnect/storage/request/ReadTransactionRequest.java",
                "function": "ReadTransactionRequest"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "261876655572792055439130468996427437546",
                    "106316643915755070678036351210257199689",
                    "310478092011952943974622318786772371447",
                    "150515948390854663390735514227214331550",
                    "1261959798154896799739157349889800840",
                    "192302277006309213272428280231167767684",
                    "118352675439420908179836113844069935404",
                    "155574099057581777376375761880853214655",
                    "262611421518017625777898048370521415544",
                    "324757256370290393879044897175907728281",
                    "125587918527931544319580394460777908207",
                    "175622377035366603556280343907468752107",
                    "5676363857152462776625497270812035919",
                    "207001789881660192535548033859928366989",
                    "97423803509302047447906702040068173080",
                    "144662091405191411777675945707086210000",
                    "145248841579842207162450437731590209460",
                    "291663246367929952061257884701255182701"
                ]
            },
            "id": "ASB-A-303871379-88a25489",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/healthconnect/storage/request/ReadTransactionRequest.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1423.0,
                "function_hash": "192082415569888399400429002379035541035"
            },
            "id": "ASB-A-303871379-8c9d329f",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "framework/java/android/health/connect/datatypes/ExerciseSessionRecord.java",
                "function": "toRecordInternal"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "322188533109300798593035108578781427989",
                    "184634760747528273037251352924883106736",
                    "62736856872061594056577457859154850083",
                    "276433295572456466352745530416083614061",
                    "324927055495563417452509288760058125323",
                    "123560786500136795943866234408335508067",
                    "93673601881214388693794286016314388151",
                    "198368942389786071498763663014109128005"
                ]
            },
            "id": "ASB-A-303871379-91b93dc2",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/AppInfoHelper.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "259742347465424858126965088649354661860",
                    "313266793520816806867257727916338231289",
                    "268840683687182057963682973263291100849",
                    "93293804719988993413710598863699053469",
                    "25955792841505998722623901527931126204",
                    "197666473082436148547415428975927509288",
                    "287907490831514730198769102742589993468",
                    "225196001945180873421820788087647353008",
                    "332776173753097792482620338452469736627",
                    "222050889440854103523105990470239617772",
                    "214269547419768092065050533525333794311",
                    "113691281198056472403596186317624347818",
                    "288338715146222141858383255153567465175",
                    "245487779860001990815662883849719877662",
                    "232029641380625607053338605942043153956",
                    "16075427917053553277337186943676460466",
                    "56557055817164003506349462305101908869",
                    "175638435936127782502837518608719023139",
                    "119449760395101584813169881232682527259",
                    "250091004087946940666921344834319187294"
                ]
            },
            "id": "ASB-A-303871379-9cd7637b",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/healthconnect/permission/DataPermissionEnforcer.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 376.0,
                "function_hash": "221406360895427184968068582716976961864"
            },
            "id": "ASB-A-303871379-a0a297a6",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/healthconnect/permission/DataPermissionEnforcer.java",
                "function": "collectExtraReadPermissionToStateMapping"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 310.0,
                "function_hash": "252235924817649576655277788320679109785"
            },
            "id": "ASB-A-303871379-b4c214df",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/RecordHelper.java",
                "function": "getReadTableRequest"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 2968.0,
                "function_hash": "5274421010706655786379510375869700528"
            },
            "id": "ASB-A-303871379-e26384f7",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java",
                "function": "getChangeLogs"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 649.0,
                "function_hash": "327873478835764122202614632785821446158"
            },
            "id": "ASB-A-303871379-e89a4d7f",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "tests/cts/hostsidetests/healthconnect/libs/HealthConnectTestLib/src/android/healthconnect/cts/lib/TestUtils.java",
                "function": "getExerciseSessionRecord"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 162.0,
                "function_hash": "91484500998150746351485296960406168484"
            },
            "id": "ASB-A-303871379-ebf2a3c1",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/AppInfoHelper.java",
                "function": "getAppInfoId"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "92309067385354652491191766760604571544",
                    "19309330688837905158963014011079654842",
                    "251298821583317060630118167118361425015"
                ]
            },
            "id": "ASB-A-303871379-f2082de7",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "framework/java/android/health/connect/datatypes/ExerciseSessionRecord.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 294.0,
                "function_hash": "150877185014473022801309137023511300991"
            },
            "id": "ASB-A-303871379-fe28baac",
            "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/ExerciseSessionRecordHelper.java",
                "function": "getExtraDataReadRequests"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3"
    ],
    "spl": "2024-03-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}