{"api_version":"1","generated_at":"2026-05-13T18:46:30+00:00","cve":"CVE-2023-21237","urls":{"html":"https://cve.report/CVE-2023-21237","api":"https://cve.report/api/cve/CVE-2023-21237.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-21237","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-21237"},"summary":{"title":"Android Pixel Information Disclosure Vulnerability","description":"In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912","state":"PUBLIC","assigner":"security@android.com","published_at":"2023-06-28 18:15:00","updated_at":"2023-07-06 13:06:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://source.android.com/security/bulletin/pixel/2023-06-01","name":"https://source.android.com/security/bulletin/pixel/2023-06-01","refsource":"MISC","tags":[],"title":"Pixel Update Bulletin—June 2023  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-21237","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-21237","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"21237","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"13.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2023","cve_id":"21237","cve":"CVE-2023-21237","vendorProject":"Android","product":"Pixel","vulnerabilityName":"Android Pixel Information Disclosure Vulnerability ","dateAdded":"2024-03-05","shortDescription":"Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a local attacker to disclose sensitive information.","requiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","dueDate":"2024-03-26","knownRansomwareCampaignUse":"Unknown","notes":"https://source.android.com/docs/security/bulletin/pixel/2023-06-01;  https://nvd.nist.gov/vuln/detail/CVE-2023-21237","cwes":"CWE-200","catalogVersion":"2026.05.08","updated_at":"2026-05-08 17:29:15"},"epss":{"cve_year":"2023","cve_id":"21237","cve":"CVE-2023-21237","epss":"0.007240000","percentile":"0.726720000","score_date":"2026-05-12","updated_at":"2026-05-13 00:11:55"},"legacy_qids":[{"cve":"CVE-2023-21237","qid":"610491","title":"Google Pixel Android June 2023 Security Patch Missing"},{"cve":"CVE-2023-21237","qid":"610492","title":"Google Pixel Android July 2023 Security Patch Missing"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2023-21237","ASSIGNER":"security@android.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_value":"Android-13"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information disclosure"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://source.android.com/security/bulletin/pixel/2023-06-01","url":"https://source.android.com/security/bulletin/pixel/2023-06-01"}]},"description":{"description_data":[{"lang":"eng","value":"In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912"}]}},"nvd":{"publishedDate":"2023-06-28 18:15:00","lastModifiedDate":"2023-07-06 13:06:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}