CVE-2024-0053

Published: Mar 11, 2024Modified: Mar 27, 2025

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected (4)

Products: Google: Android

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 12.0
Google Android	Version 12.1
Google Android	Version 13.0
Google Android	Version 14.0

Related CWEs

Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

References (4)

https://android.googlesource.com/platform/frameworks/base/+/74b03835a7fac15e854d08159922418c99e27e77

Source: security@android.com

Patch

https://source.android.com/security/bulletin/2024-03-01

Source: security@android.com

PatchVendor Advisory

https://android.googlesource.com/platform/frameworks/base/+/74b03835a7fac15e854d08159922418c99e27e77

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://source.android.com/security/bulletin/2024-03-01

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.