Home > Vulnerability Database > CVE-2024-0032

Mend.io Vulnerability Database

CVE-2024-0032

Date: February 15, 2024

In queryChildDocuments of FileSystemProvider.java, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

Language: Java

Severity Score

7.3

Related Resources (5)

Url: https://android.googlesource.com/platform/frameworks/base/+/4af5db76f25348849252e0b8a08f4a517ef842b7

Url: https://source.android.com/security/bulletin/2024-02-01

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-0032

Url: https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/5acd646e0cf63e2c9c0862da7e03531ef0074394

Url: https://www.mend.io/vulnerability-database/CVE-2024-0032

Severity Score

7.3

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-0032

Date: February 15, 2024

Language: Java

Severity Score

Related Resources (5)

Severity Score

CVSS v3.1

Do you need more information?