CVE-2023-21294: 
NixOS vulnerability analysis and mitigation

In Slice, there is a possible disclosure of installed packages due to a missing permission check. This vulnerability (CVE-2023-21294) affects Android versions prior to 14.0. The issue was disclosed and addressed in the Android 14 security bulletin (Android Bulletin).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 Base Score of 5.5 (MEDIUM). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring low privileges (PR:L), and no user interaction (UI:N). The scope is unchanged (S:U), with high confidentiality impact (C:H) but no impact on integrity (I:N) or availability (A:N) (NVD).

A successful exploitation of this vulnerability could lead to local information disclosure of installed packages, with no additional execution privileges needed. The attacker could potentially access sensitive information about installed applications on the affected device (NVD).

The vulnerability has been patched in Android 14.0. Users should upgrade their Android devices to version 14.0 or later to protect against this vulnerability (Android Bulletin).