CVE-2023-21246
LOWAndroid - Local Privilege Escalation via ShortcutInfo Exception Handling
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2023-21246. PoCs published by Trinadh465.
AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2023-21246, targeting Android's Autofill framework. The code includes test cases demonstrating the vulnerability, which involves improper handling of autofill requests, potentially leading to information disclosure or unintended behavior.
Description
In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Exploits (1)
This repository contains a proof-of-concept exploit for CVE-2023-21246, targeting Android's Autofill framework. The code includes test cases demonstrating the vulnerability, which involves improper handling of autofill requests, potentially leading to information disclosure or unintended behavior.
References (2)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N