Main Vulnerability Database Vulnerabilities #VU34777

Information disclosure in Google Android - CVE-2020-0031

Published: March 10, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34777

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-0031

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to gain access to sensitive information.

In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141703197

How to mitigate CVE-2020-0031

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/2020-03-01

Information disclosure in Google Android - CVE-2020-0031

Detailed vulnerability description

How to mitigate CVE-2020-0031

Sources

Please verify you're human