{"id":"ASB-A-276294099", "published":"2023-08-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-21288", "A-276294099"], "details":"In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-08-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/13bfb2282f1aa51f2cc3feab865dd95fe2099740"], "severity":"High", "spl":"2023-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["324233427981781607540306433621735949661", "264942182053378596134081566774471213955", "247322044271246743110306386928965046179", "50405876539861166732624558246520248555"], "threshold":0.9}, "id":"ASB-A-276294099-8675f3e5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/13bfb2282f1aa51f2cc3feab865dd95fe2099740", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"function_hash":"102290230980165670159391216524883580302", "length":2848}, "id":"ASB-A-276294099-93acf9dd", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/13bfb2282f1aa51f2cc3feab865dd95fe2099740", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-08-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/9663d493142b59c65311bc09d48427d3bdde0222"], "severity":"High", "spl":"2023-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"111248229135962808590699590406878258901", "length":2375}, "id":"ASB-A-276294099-4bd76cb2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9663d493142b59c65311bc09d48427d3bdde0222", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"line_hashes":["324233427981781607540306433621735949661", "264942182053378596134081566774471213955", "247322044271246743110306386928965046179", "50405876539861166732624558246520248555"], "threshold":0.9}, "id":"ASB-A-276294099-f0b9d2ff", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9663d493142b59c65311bc09d48427d3bdde0222", "target":{"file":"core/java/android/app/Notification.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-08-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/67cd169d073486c7c047b80ab83843cdee69bf53"], "severity":"High", "spl":"2023-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"143390102946370275124655086785671619060", "length":2698}, "id":"ASB-A-276294099-8529d90c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/67cd169d073486c7c047b80ab83843cdee69bf53", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"line_hashes":["324233427981781607540306433621735949661", "264942182053378596134081566774471213955", "247322044271246743110306386928965046179", "50405876539861166732624558246520248555"], "threshold":0.9}, "id":"ASB-A-276294099-fe18d1d4", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/67cd169d073486c7c047b80ab83843cdee69bf53", "target":{"file":"core/java/android/app/Notification.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-08-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/67cd169d073486c7c047b80ab83843cdee69bf53"], "severity":"High", "spl":"2023-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["324233427981781607540306433621735949661", "264942182053378596134081566774471213955", "247322044271246743110306386928965046179", "50405876539861166732624558246520248555"], "threshold":0.9}, "id":"ASB-A-276294099-30613b06", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/67cd169d073486c7c047b80ab83843cdee69bf53", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"function_hash":"143390102946370275124655086785671619060", "length":2698}, "id":"ASB-A-276294099-7e152e04", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/67cd169d073486c7c047b80ab83843cdee69bf53", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-08-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/67cd169d073486c7c047b80ab83843cdee69bf53"], "severity":"High", "spl":"2023-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"143390102946370275124655086785671619060", "length":2698}, "id":"ASB-A-276294099-3be54603", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/67cd169d073486c7c047b80ab83843cdee69bf53", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"line_hashes":["324233427981781607540306433621735949661", "264942182053378596134081566774471213955", "247322044271246743110306386928965046179", "50405876539861166732624558246520248555"], "threshold":0.9}, "id":"ASB-A-276294099-d293a69b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/67cd169d073486c7c047b80ab83843cdee69bf53", "target":{"file":"core/java/android/app/Notification.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-08-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/726247f4f53e8cc0746175265652fa415a123c0c"}]}