CVE-2022-20458

The logs of sensitive information (PII) or hardware identifier should only be printed in Android "userdebug" or "eng" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user's account name (i.e. PII), in Android "user" build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776
References
Configurations

Configuration 1

cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*

Information

Published : 2023-01-26 09:15

Updated : 2023-02-01 03:03


NVD link : CVE-2022-20458

Mitre link : CVE-2022-20458

Products Affected
No products.
CWE
CWE-532

Insertion of Sensitive Information into Log File