Main Vulnerability Database Vulnerabilities #VU34658

Information disclosure in Google Android - CVE-2019-20579

Published: March 24, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34658

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-20579

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Gallery allows attackers to enable Location information sharing from the lock screen. The Samsung ID is SVE-2019-14462 (August 2019).

How to mitigate CVE-2019-20579

Install update from vendor's website.

Sources

https://security.samsungmobile.com/securityUpdate.smsb

Information disclosure in Google Android - CVE-2019-20579

Detailed vulnerability description

How to mitigate CVE-2019-20579

Sources

Please verify you're human