CWE-926
AllowedImproper Export of Android Application Components
Abstraction: Variant · Status: Incomplete
The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.
147 vulnerabilities reference this CWE, most recent first.
GHSA-HJ3F-9Q6F-GR63
Vulnerability from github – Published: 2025-08-29 21:32 – Updated: 2025-08-29 21:32A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-9676"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-29T21:15:37Z",
"severity": "MODERATE"
},
"details": "A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-hj3f-9q6f-gr63",
"modified": "2025-08-29T21:32:02Z",
"published": "2025-08-29T21:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9676"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/com.ncsoft.universeapp.md"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/com.ncsoft.universeapp.md#steps-to-reproduce"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.321888"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.321888"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.638074"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-HR3F-Q8MM-3JM3
Vulnerability from github – Published: 2025-08-09 06:30 – Updated: 2025-08-09 06:30A vulnerability, which was classified as problematic, has been found in Weee RICEPO App 6.17.77 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.ricepo.app. The manipulation leads to improper export of android application components. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-8745"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-09T05:15:29Z",
"severity": "MODERATE"
},
"details": "A vulnerability, which was classified as problematic, has been found in Weee RICEPO App 6.17.77 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.ricepo.app. The manipulation leads to improper export of android application components. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-hr3f-q8mm-3jm3",
"modified": "2025-08-09T06:30:28Z",
"published": "2025-08-09T06:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8745"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/com.ricepo.app.md"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/com.ricepo.app.md#steps-to-reproduce"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.319241"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.319241"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.623581"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-HV33-W2JR-7Q49
Vulnerability from github – Published: 2025-07-20 15:30 – Updated: 2025-07-20 15:30A vulnerability classified as problematic has been found in IDnow App up to 9.6.0 on Android. This affects an unknown part of the file AndroidManifest.xml of the component de.idnow. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-7892"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-20T14:15:28Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as problematic has been found in IDnow App up to 9.6.0 on Android. This affects an unknown part of the file AndroidManifest.xml of the component de.idnow. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-hv33-w2jr-7q49",
"modified": "2025-07-20T15:30:27Z",
"published": "2025-07-20T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7892"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/de.idnow.md"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/de.idnow.md#steps-to-reproduce"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.317007"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.317007"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.615279"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-HV63-3J99-P668
Vulnerability from github – Published: 2025-08-08 03:31 – Updated: 2025-08-08 03:31A vulnerability was found in Huuge Box App 1.0.3 on Android. It has been classified as problematic. This affects an unknown part of the file AndroidManifest.xml of the component com.huuge.game.zjbox. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-8707"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-08T03:15:25Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Huuge Box App 1.0.3 on Android. It has been classified as problematic. This affects an unknown part of the file AndroidManifest.xml of the component com.huuge.game.zjbox. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-hv63-3j99-p668",
"modified": "2025-08-08T03:31:50Z",
"published": "2025-08-08T03:31:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8707"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/com.huuge.game.zjbox.md"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/com.huuge.game.zjbox.md#steps-to-reproduce"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.319137"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.319137"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.619858"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-HXX7-8JPF-2VG3
Vulnerability from github – Published: 2023-03-24 21:30 – Updated: 2023-03-28 21:30In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256590210
{
"affected": [],
"aliases": [
"CVE-2023-20962"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-24T20:15:00Z",
"severity": "MODERATE"
},
"details": "In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256590210",
"id": "GHSA-hxx7-8jpf-2vg3",
"modified": "2023-03-28T21:30:21Z",
"published": "2023-03-24T21:30:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20962"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2023-03-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J4M8-7J2F-9V62
Vulnerability from github – Published: 2025-07-26 21:31 – Updated: 2025-07-26 21:31A vulnerability was found in Canara ai1 Mobile Banking App 3.6.23 on Android and classified as problematic. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.canarabank.mobility. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-8207"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-26T20:15:24Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Canara ai1 Mobile Banking App 3.6.23 on Android and classified as problematic. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.canarabank.mobility. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-j4m8-7j2f-9v62",
"modified": "2025-07-26T21:31:13Z",
"published": "2025-07-26T21:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8207"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/com.canarabank.mobility.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.317777"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.317777"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.615777"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J5HX-W4CQ-6522
Vulnerability from github – Published: 2026-05-07 01:05 – Updated: 2026-05-11 15:32Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.
{
"affected": [],
"aliases": [
"CVE-2026-3291"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T22:16:25Z",
"severity": "MODERATE"
},
"details": "Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.",
"id": "GHSA-j5hx-w4cq-6522",
"modified": "2026-05-11T15:32:08Z",
"published": "2026-05-07T01:05:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3291"
},
{
"type": "WEB",
"url": "https://support.hp.com/us-en/document/ish_14864662-14864690-16/hpsbgn04093"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JFVJ-X4V5-JGQR
Vulnerability from github – Published: 2025-08-29 21:32 – Updated: 2026-04-29 04:12A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. The attack requires a local approach. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-9673"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-29T20:15:36Z",
"severity": "MODERATE"
},
"details": "A vulnerability was detected in Kakao \ud5e4\uc774\uce74\uce74\uc624 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. The attack requires a local approach. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-jfvj-x4v5-jgqr",
"modified": "2026-04-29T04:12:13Z",
"published": "2025-08-29T21:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9673"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/com.kakao.i.connect.md"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/com.kakao.i.connect.md#steps-to-reproduce"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.321883"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.321883"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.637925"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JXGF-P72G-V48G
Vulnerability from github – Published: 2025-12-11 15:30 – Updated: 2026-04-29 04:13A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity of the file AndroidManifest.xml. Executing manipulation can lead to improper export of android application components. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2025-14517"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-11T14:16:20Z",
"severity": "MODERATE"
},
"details": "A vulnerability was determined in Yalantis uCrop 2.2.11. This affects the function UCropActivity\u00a0 of the file AndroidManifest.xml. Executing manipulation can lead to improper export of android application components. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-jxgf-p72g-v48g",
"modified": "2026-04-29T04:13:36Z",
"published": "2025-12-11T15:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14517"
},
{
"type": "WEB",
"url": "https://mesquite-dream-86b.notion.site/uCrop-Library-SSRF-and-Intent-Spoofing-2b8512562197804dae69edf96b942446#469832583e0444dcb3d08b0ca661d1c6"
},
{
"type": "WEB",
"url": "https://mesquite-dream-86b.notion.site/uCrop-Library-SSRF-and-Intent-Spoofing-2b8512562197804dae69edf96b942446?source=copy_link"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.335855"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.335855"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.702811"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-M427-85JP-939V
Vulnerability from github – Published: 2025-08-18 00:30 – Updated: 2025-08-18 00:30A security vulnerability has been detected in BuzzFeed App 2024.9 on Android. This affects an unknown part of the file AndroidManifest.xml of the component com.buzzfeed.android. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2025-9093"
],
"database_specific": {
"cwe_ids": [
"CWE-926"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-17T22:15:25Z",
"severity": "MODERATE"
},
"details": "A security vulnerability has been detected in BuzzFeed App 2024.9 on Android. This affects an unknown part of the file AndroidManifest.xml of the component com.buzzfeed.android. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.",
"id": "GHSA-m427-85jp-939v",
"modified": "2025-08-18T00:30:30Z",
"published": "2025-08-18T00:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9093"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/com.buzzfeed.android.md"
},
{
"type": "WEB",
"url": "https://github.com/KMov-g/androidapps/blob/main/com.buzzfeed.android.md#steps-to-reproduce"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.320415"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.320415"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.623584"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Strategy: Attack Surface Reduction
If they do not need to be shared by other applications, explicitly mark components with android:exported="false" in the application manifest.
Mitigation
Strategy: Attack Surface Reduction
If you only intend to use exported components between related apps under your control, use android:protectionLevel="signature" in the xml manifest to restrict access to applications signed by you.
Mitigation
Strategy: Attack Surface Reduction
Limit Content Provider permissions (read/write) as appropriate.
Mitigation
Strategy: Separation of Privilege
Limit Content Provider permissions (read/write) as appropriate.
No CAPEC attack patterns related to this CWE.