Skip to main content

Improper Restriction of Rendered UI Layers or Frames

CVE-2022-20214

Severity Medium
Score 4.7/10

Summary

In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210

  • LOW
  • NETWORK
  • LOW
  • CHANGED
  • REQUIRED
  • NONE
  • NONE
  • NONE

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

References

Advisory Timeline

  • Published