CVE-2022-20011 (Medium) detected in baseandroid-10.0.0_r34 - autoclosed

[mend-bolt-for-github[bot]]

CVE-2022-20011 - Medium Severity Vulnerability

Vulnerable Library - baseandroid-10.0.0_r34

Android framework classes and services

Library home page: https://android.googlesource.com/platform/frameworks/base

Found in HEAD commit: 93180aa1b441e58852011185a9a64e3aec8cabed

Found in base branch: main

Vulnerable Source Files (1)

/services/core/java/com/android/server/notification/NotificationManagerService.java

Vulnerability Details

In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-214999128

Publish Date: 2022-05-10

URL: CVE-2022-20011

CVSS 3 Score Details (5.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://source.android.com/security/bulletin/2022-05-01

Release Date: 2022-05-10

Fix Resolution: android-12.1.0_r5

---

Step up your Open Source Security Game with Mend here