Use of Implicit Intent for Sensitive Communication

CVE-2023-44127

Low

3.6/10

Summary

he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-927 - Use of Implicit Intent for Sensitive Communication

The Android application uses an implicit intent for transmitting sensitive data to other applications.

References

Advisory Timeline

Published Sep 27, 2023

Use of Implicit Intent for Sensitive Communication

CVE-2023-44127

Summary

CWE-927 - Use of Implicit Intent for Sensitive Communication

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS