Confused Deputy Vulnerability in visitUris of RemoteViews.java Allows for Image Leakage and Local Information Disclosure

Confused Deputy Vulnerability in visitUris of RemoteViews.java Allows for Image Leakage and Local Information Disclosure

CVE-2023-21238 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Learn more about our User Device Pen Test.