CVE-2020-0020

{"id": "CVE-2020-0020", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-02-13T15:15:11.623", "references": [{"url": "https://source.android.com/security/bulletin/2020-02-01", "tags": ["Patch", "Vendor Advisory"], "source": "security@android.com"}, {"url": "https://source.android.com/security/bulletin/2020-02-01", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "In getAttributeRange of ExifInterface.java, there is a possible failure to redact location information from media files due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-143118731"}, {"lang": "es", "value": "En la funci\u00f3n getAttributeRange del archivo ExifInterface.java, se presenta un posible fallo al redactar la informaci\u00f3n de ubicaci\u00f3n desde los archivos multimedia, debido a una comprobaci\u00f3n de l\u00edmites incorrecta. Esto podr\u00eda conllevar a una divulgaci\u00f3n local de informaci\u00f3n con los privilegios de ejecuci\u00f3n User necesarios. No es necesaria una interacci\u00f3n del usuario para su explotaci\u00f3n. Producto: Android, Versiones: Android-10, ID de Android: A-143118731."}], "lastModified": "2024-11-21T04:52:45.560", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"}], "operator": "OR"}]}], "sourceIdentifier": "security@android.com"}