CVE-2022-2390
Google Play Services SDK leads to apps having incorrectly set mutability flag
6.1
MEDIUM
CVSS 3.1
EPSS 0.02%
Description
Apps developed with the Google Play Services SDK had the mutability flag set incorrectly on PendingIntents that were passed to the Notification service. Because the Google Play Services SDK is so widely used, this bug affects many applications. In an affected application, the bug lets an attacker gain access to all non-exported providers and/or gain access to other providers that the victim has permissions for. We recommend upgrading to version 18.0.2 of the Play Services SDK, then rebuilding and redeploying apps.
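How to fix CVE-2022-2390
To fix CVE-2022-2390, upgrade the affected package to the patched version listed below.
- Upgrade to 18.0.2 or later
Is CVE-2022-2390 being exploited?
Low. EPSS is 0.0%, and no large-scale exploitation activity has been observed so far.
Affected packages (1)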
- from 0, < 18.0.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N |