[MAVEN:GHSA-CM6R-892J-JV2G] Google Play Services SDK leads to apps having incorrectly set mutability flag

Severity Moderate

Affected Packages 1

Fixed Packages 1

CVEs 1

Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this bug affects many applications. For an application affected, this bug will let the attacker, gain the access to all non-exported providers and/or gain the access to other providers the victim has permissions. We recommend upgrading to version 18.0.2 of the Play Service SDK as well as rebuilding and redeploying apps.

Package	Affected Version
pkg:maven/com.google.android.gms/play-services-basement	< 18.0.2

Package	Fixed Version
pkg:maven/com.google.android.gms/play-services-basement	= 18.0.2

ID: MAVEN:GHSA-CM6R-892J-JV2G
Severity: moderate
URL: https://github.com/advisories/GHSA-cm6r-892j-jv2g
Published: 2022-08-13T00:00:43
(2 years ago)
Modified: 2023-01-30T05:06:49
(19 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2022-2390
			https://developers.google.com/android/guides/releases#may_03_2022
			https://mvnrepository.com/artifact/com.google.android.gms/play-services-basement/18.0.2
			https://github.com/advisories/GHSA-cm6r-892j-jv2g

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/com.google.android.gms/play-services-basement	com.google.android.gms	play-services-basement	< 18.0.2
Fixed	pkg:maven/com.google.android.gms/play-services-basement	com.google.android.gms	play-services-basement	= 18.0.2

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date