CVE-2020-0415

MEDIUM EPSS 5.7%
Published Oct 14, 20205y ago · Modified Jun 18, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Oct 14, 2020 5y ago
Last Modified Jun 18, 2026 2w ago

Description

In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-156020795

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
5.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 5

VendorProductVersionRange
googleandroid8.0any
googleandroid8.1any
googleandroid9.0any
googleandroid10.0any
googleandroid11.0any

References 1

  • source.android.com https://source.android.com/security/bulletin/2020-10-01
    PatchVendor Advisory

Remediation

  • source.android.com https://source.android.com/security/bulletin/2020-10-01
    PatchVendor Advisory