CVE-2022-20321: 
NixOS vulnerability analysis and mitigation

CVE-2022-20321 is a vulnerability discovered in Android 13's Settings component that allows unauthorized access to WiFi QR code content. The vulnerability was disclosed in August 2022 and affects Android 13 systems. The issue stems from a missing permission check that could potentially expose sensitive WiFi configuration information (NVD).

The vulnerability is characterized by a missing authorization check in the Android Settings component, specifically related to WiFi QR code functionality. It has been assigned a CVSS v3.1 base score of 3.3 (LOW) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. The vulnerability is classified under CWE-862 (Missing Authorization) (NVD).

The vulnerability allows an application without proper permissions to read the content of WiFi QR codes, leading to local information disclosure. The impact is limited as it requires user interaction for exploitation and does not provide additional execution privileges (NVD).

The vulnerability has been addressed in Android 13 security updates. Users should ensure their devices are updated with the latest security patches (Android Bulletin).