CVE-2022-20503: 
NixOS vulnerability analysis and mitigation

A vulnerability identified as CVE-2022-20503 was discovered in Android 13's WifiDppConfiguratorActivity.java component. The vulnerability allows a guest user to add a WiFi configuration due to a missing permission check, potentially leading to local privilege escalation. The issue was disclosed in December 2022 and affects Android 13 systems (Android Bulletin).

The vulnerability exists in the onCreate method of WifiDppConfiguratorActivity.java where a missing permission check could allow unauthorized WiFi configuration modifications. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue is classified under CWE-862 (Missing Authorization) (NVD).

The vulnerability could lead to local escalation of privilege with no additional execution privileges needed. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of the affected system. No user interaction is required for exploitation (NVD).

The vulnerability was addressed in the Android Security Bulletin for December 2022. Users should ensure their Android 13 devices are updated with the latest security patches (Android Bulletin).