Sensitive Information Disclosure in Augmented Autofill of Android-10

Sensitive Information Disclosure in Augmented Autofill of Android-10

CVE-2020-0031 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141703197

Learn more about our Cis Benchmark Audit For Google Android.