{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-20458","assignerOrgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","assignerShortName":"google_android","dateUpdated":"2025-04-02T14:20:28.085Z","dateReserved":"2021-10-14T00:00:00.000Z","datePublished":"2023-01-24T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","shortName":"google_android","dateUpdated":"2023-01-24T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"The logs of sensitive information (PII) or hardware identifier should only be printed in Android \"userdebug\" or \"eng\" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user's account name (i.e. PII), in Android \"user\" build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776"}],"affected":[{"vendor":"n/a","product":"Android","versions":[{"version":"Android-12L","status":"affected"}]}],"references":[{"url":"https://source.android.com/security/bulletin/aaos/2023-01-01"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Elevation of privilege"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T02:10:44.959Z"},"title":"CVE Program Container","references":[{"url":"https://source.android.com/security/bulletin/aaos/2023-01-01","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-532","lang":"en","description":"CWE-532 Insertion of Sensitive Information into Log File"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-02T14:19:26.385226Z","id":"CVE-2022-20458","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-02T14:20:28.085Z"}}]}}