← voltar
CVE-2022-29580

Path Traversal in Android Google Search App

CVSS 8.9 HIGHEPSS 0.4%CWE-427
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.9EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 dez 2022Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
There exists a path traversal vulnerability in the Android Google Search app. This is caused by the incorrect usage of uri.getLastPathSegment. A symbolic encoded string can bypass the path logic to get access to unintended directories. An attacker can manipulate paths that could lead to code execution on the device. We recommend upgrading beyond version 13.41
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
Produtos afetados
Google · Android Google Search App

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://support.google.com/faqs/answer/7496913?hl=en