Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 24/03/2023 Updated: 29/03/2023

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 0

In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. This could lead to local escalation of privilege after updating an app to a higher Target SDK with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-221040577

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android 11.0
google android 12.0
google android 12.1
google android 13.0

NVD-CWE-noinfo https://source.android.com/security/bulletin/2023-03-01 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-20906

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect