{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-20493","assignerOrgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","assignerShortName":"google_android","dateUpdated":"2025-04-03T20:09:52.547Z","dateReserved":"2021-10-14T00:00:00.000Z","datePublished":"2023-01-24T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6","shortName":"google_android","dateUpdated":"2023-01-24T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242846316"}],"affected":[{"vendor":"n/a","product":"Android","versions":[{"version":"Android-10 Android-11 Android-12 Android-12L Android-13","status":"affected"}]}],"references":[{"url":"https://source.android.com/security/bulletin/2023-01-01"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Elevation of privilege"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T02:17:52.556Z"},"title":"CVE Program Container","references":[{"url":"https://source.android.com/security/bulletin/2023-01-01","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-1284","lang":"en","description":"CWE-1284 Improper Validation of Specified Quantity in Input"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-02T14:29:35.852655Z","id":"CVE-2022-20493","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-03T20:09:52.547Z"}}]}}