CVE-2023-42539: 
NixOS vulnerability analysis and mitigation

PendingIntent hijacking vulnerability was discovered in the ChallengeNotificationManager component of Samsung Health prior to version 6.25. The vulnerability was disclosed on April 17, 2023, and affects Samsung Health application users. This security issue allows local attackers to access data through PendingIntent hijacking (Samsung Mobile).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 MEDIUM by NIST (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), while Samsung Mobile assessed it with a score of 4.7 MEDIUM (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N). The vulnerability specifically involves the ChallengeNotificationManager component and is related to improper handling of PendingIntents, which could lead to unauthorized data access (NVD).

The vulnerability primarily affects the confidentiality of data, with potential for local attackers to access sensitive information through the Samsung Health application. The impact is limited to data access, with no reported effects on system integrity or availability (Samsung Mobile).

Samsung has addressed the vulnerability by adding proper access control in version 6.25 of Samsung Health. Users are advised to update their Samsung Health application to this version or later to mitigate the risk (Samsung Mobile).