{"id":"PUB-A-216117246","details":"In getConfirmationMessage of DefaultAutofillPicker.java, there is a possible way to mislead the user to select default autofill application due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-216117246","CVE-2023-20976"],"modified":"2026-04-03T15:37:31.002635Z","published":"2023-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-06-01"}],"affected":[{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-06-01"}]}],"versions":["13-next"],"ecosystem_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["84973403902456332933103075042449787071","288182705816889430905902931154580621787","243979803866077354900593225175769869966","282458826607158652167865292557120657053"]},"match_only_versions":["13-next"],"target":{"file":"src/com/android/settings/applications/defaultapps/DefaultAutofillPicker.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/be9cb36c6ed3d7a0c5bd570e39a029d90f19e77d","signature_type":"Line","id":"PUB-A-216117246-16bd01b2","signature_version":"v1"},{"digest":{"length":244,"function_hash":"295698862211025002714271578403236704219"},"match_only_versions":["13-next"],"target":{"function":"getConfirmationMessage","file":"src/com/android/settings/applications/defaultapps/DefaultAutofillPicker.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/be9cb36c6ed3d7a0c5bd570e39a029d90f19e77d","signature_type":"Function","id":"PUB-A-216117246-3b740970","signature_version":"v1"}],"spl":"2023-06-01","types":["EoP"],"severity":"Moderate","fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/be9cb36c6ed3d7a0c5bd570e39a029d90f19e77d"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-216117246.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-06-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"digest":{"length":244,"function_hash":"295698862211025002714271578403236704219"},"match_only_versions":["13"],"target":{"function":"getConfirmationMessage","file":"src/com/android/settings/applications/defaultapps/DefaultAutofillPicker.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/be9cb36c6ed3d7a0c5bd570e39a029d90f19e77d","signature_type":"Function","id":"PUB-A-216117246-86070c11","signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["84973403902456332933103075042449787071","288182705816889430905902931154580621787","243979803866077354900593225175769869966","282458826607158652167865292557120657053"]},"match_only_versions":["13"],"target":{"file":"src/com/android/settings/applications/defaultapps/DefaultAutofillPicker.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/be9cb36c6ed3d7a0c5bd570e39a029d90f19e77d","signature_type":"Line","id":"PUB-A-216117246-f4c97e47","signature_version":"v1"}],"spl":"2023-06-01","types":["EoP"],"severity":"Moderate","fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/be9cb36c6ed3d7a0c5bd570e39a029d90f19e77d"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-216117246.json"}}],"schema_version":"1.7.5"}