Details of VAR-202212-0746

ID

VAR-202212-0746

CVE

CVE-2022-20559

TITLE

Google of Android Vulnerability regarding observable inconsistencies in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023574

DESCRIPTION

In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-219739967. Google of Android Exists in observable mismatch vulnerabilities.Information may be obtained. Google Android is a free and open source operating system based on the Linux kernel (without GNU components)

Trust: 2.25

sources: NVD: CVE-2022-20559 // JVNDB: JVNDB-2022-023574 // CNVD: CNVD-2023-12018 // VULMON: CVE-2022-20559

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-12018

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	13.0	Trust: 2.4
vendor:	google	model:	android	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	android	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2023-12018 // JVNDB: JVNDB-2022-023574 // NVD: CVE-2022-20559

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-20559
value:	LOW
Trust: 1.0
NVD:	CVE-2022-20559
value:	LOW
Trust: 0.8
CNVD:	CNVD-2023-12018
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202212-2327
value:	LOW
Trust: 0.6

CNVD:	CNVD-2023-12018
severity:	LOW
baseScore:	1.7
vectorString:	AV:L/AC:L/AU:S/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-20559
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-20559
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-12018 // JVNDB: JVNDB-2022-023574 // CNNVD: CNNVD-202212-2327 // NVD: CVE-2022-20559

PROBLEMTYPE DATA

problemtype:	CWE-203	Trust: 1.0
problemtype:	Observable discrepancy (CWE-203) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023574 // NVD: CVE-2022-20559

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-2327

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-2327

PATCH

title:	Patch for Google Android Information Disclosure Vulnerability (CVE-2022-20559)	url:	https://www.cnvd.org.cn/patchInfo/show/407701	Trust: 0.6
title:	Google Pixel Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=218439	Trust: 0.6

sources: CNVD: CNVD-2023-12018 // CNNVD: CNNVD-202212-2327

EXTERNAL IDS

db:	NVD	id:	CVE-2022-20559	Trust: 3.9
db:	JVNDB	id:	JVNDB-2022-023574	Trust: 0.8
db:	CNVD	id:	CNVD-2023-12018	Trust: 0.6
db:	CNNVD	id:	CNNVD-202212-2327	Trust: 0.6
db:	VULMON	id:	CVE-2022-20559	Trust: 0.1

sources: CNVD: CNVD-2023-12018 // VULMON: CVE-2022-20559 // JVNDB: JVNDB-2022-023574 // CNNVD: CNNVD-202212-2327 // NVD: CVE-2022-20559

REFERENCES

url:	https://source.android.com/security/bulletin/pixel/2022-12-01	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-20559	Trust: 1.4
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-2022-40023	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-20559/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2023-12018 // VULMON: CVE-2022-20559 // JVNDB: JVNDB-2022-023574 // CNNVD: CNNVD-202212-2327 // NVD: CVE-2022-20559

SOURCES

db:	CNVD	id:	CNVD-2023-12018
db:	VULMON	id:	CVE-2022-20559
db:	JVNDB	id:	JVNDB-2022-023574
db:	CNNVD	id:	CNNVD-202212-2327
db:	NVD	id:	CVE-2022-20559

LAST UPDATE DATE

2024-08-14T13:21:25.278000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-12018	date:	2023-02-27T00:00:00
db:	VULMON	id:	CVE-2022-20559	date:	2022-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-023574	date:	2023-11-29T03:09:00
db:	CNNVD	id:	CNNVD-202212-2327	date:	2022-12-21T00:00:00
db:	NVD	id:	CVE-2022-20559	date:	2022-12-20T22:03:10.727

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-12018	date:	2023-02-16T00:00:00
db:	VULMON	id:	CVE-2022-20559	date:	2022-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-023574	date:	2023-11-29T00:00:00
db:	CNNVD	id:	CNNVD-202212-2327	date:	2022-12-05T00:00:00
db:	NVD	id:	CVE-2022-20559	date:	2022-12-16T16:15:19.140