CVE-2023-21249

MEDIUM Year: 2023
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-281
View all →

Vulnerability Description

In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Related Vulnerabilities

CVE-2020-16910

MEDIUM
CVSS:5.5(Medium)

<p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firm...

CWE-2812020

CVE-2021-0704

MEDIUM
CVSS:5.5(Medium)

In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions ...

CWE-2812021

CVE-2021-30912

MEDIUM
CVSS:5.5(Medium)

The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may gain access ...

CWE-2812021

CVE-2021-35079

MEDIUM
CVSS:5.5(Medium)

Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IO...

CWE-2812021

CVE-2021-43708

MEDIUM
CVSS:5.5(Medium)

The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode.

CWE-2812021

CVE-2022-22650

MEDIUM
CVSS:5.5(Medium)

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's p...

CWE-2812022