In onActivityResult of EditUserPhotoController.java,...
Moderate severity
Unreviewed
Published
Nov 13, 2024
to the GitHub Advisory Database
•
Updated Nov 14, 2024
Description
Published by the National Vulnerability Database
Nov 13, 2024
Published to the GitHub Advisory Database
Nov 13, 2024
Last updated
Nov 14, 2024
In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References