Description
The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user's account name (i.e. PII), in Android "user" build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776
References (1)
Core 1
Core References
Vendor Advisory
https://source.android.com/security/bulletin/aaos/2023-01-01
Scores
CVSS v3
5.5
EPSS
0.0002
EPSS Percentile
5.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-532
Status
published
Products (1)
google/android
12.1
Published
Jan 26, 2023
Tracked Since
Feb 18, 2026