CVEs-PoC/2020/CVE-2020-0422.md

CVE-2020-0422

Description

In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0Android ID: A-161718556

POC

Reference

No PoCs from references.

Github

• https://github.com/TinyNiko/android_bulletin_notes