ID

VAR-202212-0746


CVE

CVE-2022-20559


TITLE

Google  of  Android  Vulnerability regarding observable inconsistencies in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023574

DESCRIPTION

In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-219739967. Google of Android Exists in observable mismatch vulnerabilities.Information may be obtained. Google Android is a free and open source operating system based on the Linux kernel (without GNU components)

Trust: 2.25

sources: NVD: CVE-2022-20559 // JVNDB: JVNDB-2022-023574 // CNVD: CNVD-2023-12018 // VULMON: CVE-2022-20559

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-12018

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion:13.0

Trust: 2.4

vendor:googlemodel:androidscope: - version: -

Trust: 0.8

vendor:googlemodel:androidscope:eqversion: -

Trust: 0.8

sources: CNVD: CNVD-2023-12018 // JVNDB: JVNDB-2022-023574 // NVD: CVE-2022-20559

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20559
value: LOW

Trust: 1.0

NVD: CVE-2022-20559
value: LOW

Trust: 0.8

CNVD: CNVD-2023-12018
value: LOW

Trust: 0.6

CNNVD: CNNVD-202212-2327
value: LOW

Trust: 0.6

CNVD: CNVD-2023-12018
severity: LOW
baseScore: 1.7
vectorString: AV:L/AC:L/AU:S/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-20559
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-20559
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-12018 // JVNDB: JVNDB-2022-023574 // CNNVD: CNNVD-202212-2327 // NVD: CVE-2022-20559

PROBLEMTYPE DATA

problemtype:CWE-203

Trust: 1.0

problemtype:Observable discrepancy (CWE-203) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023574 // NVD: CVE-2022-20559

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-2327

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-2327

PATCH

title:Patch for Google Android Information Disclosure Vulnerability (CVE-2022-20559)url:https://www.cnvd.org.cn/patchInfo/show/407701

Trust: 0.6

title:Google Pixel Security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=218439

Trust: 0.6

sources: CNVD: CNVD-2023-12018 // CNNVD: CNNVD-202212-2327

EXTERNAL IDS

db:NVDid:CVE-2022-20559

Trust: 3.9

db:JVNDBid:JVNDB-2022-023574

Trust: 0.8

db:CNVDid:CNVD-2023-12018

Trust: 0.6

db:CNNVDid:CNNVD-202212-2327

Trust: 0.6

db:VULMONid:CVE-2022-20559

Trust: 0.1

sources: CNVD: CNVD-2023-12018 // VULMON: CVE-2022-20559 // JVNDB: JVNDB-2022-023574 // CNNVD: CNNVD-202212-2327 // NVD: CVE-2022-20559

REFERENCES

url:https://source.android.com/security/bulletin/pixel/2022-12-01

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-20559

Trust: 1.4

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-2022-40023

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-20559/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-12018 // VULMON: CVE-2022-20559 // JVNDB: JVNDB-2022-023574 // CNNVD: CNNVD-202212-2327 // NVD: CVE-2022-20559

SOURCES

db:CNVDid:CNVD-2023-12018
db:VULMONid:CVE-2022-20559
db:JVNDBid:JVNDB-2022-023574
db:CNNVDid:CNNVD-202212-2327
db:NVDid:CVE-2022-20559

LAST UPDATE DATE

2024-08-14T13:21:25.278000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2023-12018date:2023-02-27T00:00:00
db:VULMONid:CVE-2022-20559date:2022-12-16T00:00:00
db:JVNDBid:JVNDB-2022-023574date:2023-11-29T03:09:00
db:CNNVDid:CNNVD-202212-2327date:2022-12-21T00:00:00
db:NVDid:CVE-2022-20559date:2022-12-20T22:03:10.727

SOURCES RELEASE DATE

db:CNVDid:CNVD-2023-12018date:2023-02-16T00:00:00
db:VULMONid:CVE-2022-20559date:2022-12-16T00:00:00
db:JVNDBid:JVNDB-2022-023574date:2023-11-29T00:00:00
db:CNNVDid:CNNVD-202212-2327date:2022-12-05T00:00:00
db:NVDid:CVE-2022-20559date:2022-12-16T16:15:19.140