KEVIntel
Back to KEVs
7.3
CVSS
High

CVE-2024-43093

PUBLISHED

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive...

Exploited in the wild Low complexity
Vendor
Google
Product
Android
Published
Nov 13, 2024
EPSS

Description

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

java android cisa

CVSS scores

CVSS v3.1 7.3 High

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2024-11-07 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
No
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Nov 07, 2024

Timeline

  • CVE ID Reserved

  • Added to KEVIntel

  • CVE Published to Public