CVE-2023-21237

CVE Database · CVE-2023-21237

CVE-2023-21237

· MEDIUMAnalyzed

CVSS v3.1

5.5

EPSS

0.26%

Published

Jun 28, 2023

Modified

Oct 23, 2025

CISA Known Exploited Vulnerability

Added: 2024-03-05 · Due: 2024-03-26

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-200

Affected Products (1)

google · androidvulnerable

References (3)

https://source.android.com/security/bulletin/pixel/2023-06-01

Vendor Advisory

https://source.android.com/security/bulletin/pixel/2023-06-01

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21237

Third Party AdvisoryUS Government Resource

KEV Catalog EPSS Scores Vendors All CVEs