Improper Access Control Vulnerability in Runestone Application Allows Unauthorized Device Location Access

Improper Access Control Vulnerability in Runestone Application Allows Unauthorized Device Location Access

CVE-2023-21442 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information.

Learn more about our Cis Benchmark Audit For Google Android.