Path traversal in Google Android - CVE-2020-15583

 

Path traversal in Google Android - CVE-2020-15583

Published: July 7, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34168
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-15583
CWE-ID: CWE-22
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to gain access to sensitive information.

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. StickerProvider allows directory traversal for access to system files. The Samsung ID is SVE-2020-17665 (July 2020).


How to mitigate CVE-2020-15583

Install update from vendor's website.

Sources