OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via download_server. Local attackers can install an malicious application on the device and reveal any file from the filesystem that is accessible to download_server service which run with UID 1000.
References
Link | Resource |
---|---|
https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2022/2022-11.md | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: OpenHarmony
Published: 2022-11-03T19:15:14.052046Z
Updated: 2022-12-12T09:47:38.527824Z
Reserved: 2022-10-31T00:00:00
Link: CVE-2022-43449
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-11-03T20:15:33.527
Modified: 2022-11-07T02:18:25.670
Link: CVE-2022-43449
JSON object: View
Redhat Information
No data.