Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-20011
CVE-2022-20011:
NixOS vulnerability analysis and mitigation
Overview
In getArray of NotificationManagerService.java, there is a possible leak of one user notifications to another due to missing check. This vulnerability, identified as CVE-2022-20011, affects Android versions 10, 11, 12, and 12L. The issue was disclosed in the Android Security Bulletin of May 2022 (Android Security Bulletin).
Technical details
The vulnerability exists in the NotificationManagerService.java component of Android's framework. The issue stems from a missing validation check in the getArray function, which could potentially allow unauthorized access to notifications between different users (Debian Security).
Impact
This vulnerability could lead to local information disclosure, potentially exposing one user's notifications to another user on the same device. The exploitation does not require additional execution privileges or user interaction (Debian Security).
Mitigation and workarounds
The issue was addressed in the Android Security Bulletin of May 2022. A fix was implemented in the Android framework through commit f315ba91df3829d862371fbab9da584ce0a59bc6 (Debian Security).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management