Path traversal in Google Android - CVE-2020-13836

 

Path traversal in Google Android - CVE-2020-13836

Published: June 4, 2020 / Updated: August 8, 2020


Vulnerability identifier: #VU34371
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-13836
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Google
Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. HWRResProvider allows path traversal for data exposure. The Samsung ID is SVE-2020-16954 (June 2020).


How to mitigate CVE-2020-13836

Install update from vendor's website.

Sources