Cleartext Storage of Sensitive Information

CVE-2021-0337

High

7.2/10

Summary

In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-157474195

Access Complexity: LOW
AccessVector: LOCAL
Authentication: NONE
Integrity Impact: COMPLETE
Confidentiality Impact: COMPLETE
Availability Impact: COMPLETE

CWE-312 - Cleartext Storage of Sensitive Information

The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References

Advisory Timeline

Published Feb 10, 2021

Cleartext Storage of Sensitive Information

CVE-2021-0337

Summary

CWE-312 - Cleartext Storage of Sensitive Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS