CVE-2019-9323 - Vulnerability Details - OpenCVE

In the Wallpaper Manager service, there is a possible information disclosure due to a missing permission check. Any application can access wallpaper image with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-30770233

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Android

Configuration 1 [-]

cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://source.android.com/security/bulletin/android-10

History

No history.

MITRE

Status: PUBLISHED

Assigner: google_android

Published: 2019-09-27T18:05:15

Updated: 2024-08-04T21:46:30.537Z

Reserved: 2019-02-28T00:00:00

Link: CVE-2019-9323

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-09-27T19:15:21.797

Modified: 2024-11-21T04:51:25.780

Link: CVE-2019-9323

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Android", "vendor": "n/a", "versions": [{"status": "affected", "version": "Android-10"}]}], "descriptions": [{"lang": "en", "value": "In the Wallpaper Manager service, there is a possible information disclosure due to a missing permission check. Any application can access wallpaper image with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-30770233"}], "problemTypes": [{"descriptions": [{"description": "Information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-27T18:05:15", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://source.android.com/security/bulletin/android-10"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@android.com", "ID": "CVE-2019-9323", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Android", "version": {"version_data": [{"version_value": "Android-10"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the Wallpaper Manager service, there is a possible information disclosure due to a missing permission check. Any application can access wallpaper image with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-30770233"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information disclosure"}]}]}, "references": {"reference_data": [{"name": "https://source.android.com/security/bulletin/android-10", "refsource": "MISC", "url": "https://source.android.com/security/bulletin/android-10"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:46:30.537Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://source.android.com/security/bulletin/android-10"}]}]}, "cveMetadata": {"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2019-9323", "datePublished": "2019-09-27T18:05:15", "dateReserved": "2019-02-28T00:00:00", "dateUpdated": "2024-08-04T21:46:30.537Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Wallpaper Manager service, there is a possible information disclosure due to a missing permission check. Any application can access wallpaper image with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-30770233"}, {"lang": "es", "value": "En el servicio Wallpaper Manager, se presenta una posible divulgaci\u00f3n de informaci\u00f3n debido a una falta de comprobaci\u00f3n de permiso. Cualquier aplicaci\u00f3n puede acceder a la imagen de fondo sin ser necesarios privilegios de ejecuci\u00f3n adicionales. No es requerida una interacci\u00f3n del usuario para su explotaci\u00f3n. Producto: Android, Versiones: Android-10, ID de Android: A-30770233"}], "id": "CVE-2019-9323", "lastModified": "2024-11-21T04:51:25.780", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-27T19:15:21.797", "references": [{"source": "security@android.com", "tags": ["Vendor Advisory"], "url": "https://source.android.com/security/bulletin/android-10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://source.android.com/security/bulletin/android-10"}], "sourceIdentifier": "security@android.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}