Main Vulnerability Database Vulnerabilities #VU35317

Inclusion of Sensitive Information in Log Files in Google Android - CVE-2019-9277

Published: September 27, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35317

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-9277

CWE-ID: CWE-532

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a local authenticated user to gain access to sensitive information.

In the proc filesystem, there is a possible information disclosure due to log information disclosure. This could lead to local disclosure of app and browser activity with User execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-68016944

How to mitigate CVE-2019-9277

Install update from vendor's website.

Sources

https://source.android.com/security/bulletin/android-10

Inclusion of Sensitive Information in Log Files in Google Android - CVE-2019-9277

Detailed vulnerability description

How to mitigate CVE-2019-9277

Sources

Please verify you're human