CVE Vulnerabilities

CVE-2024-20853

Improper Verification of Intent by Broadcast Receiver

Published: Apr 02, 2024 | Modified: Mar 12, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore.

Weakness

The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.

Potential Mitigations

References