{"api_version":"1","generated_at":"2026-04-25T00:48:23+00:00","cve":"CVE-2023-21320","urls":{"html":"https://cve.report/CVE-2023-21320","api":"https://cve.report/api/cve/CVE-2023-21320.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-21320","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-21320"},"summary":{"title":"CVE-2023-21320","description":"In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","state":"PUBLIC","assigner":"security@android.com","published_at":"2023-10-30 17:15:00","updated_at":"2023-11-06 17:57:00"},"problem_types":["CWE-203"],"metrics":[],"references":[{"url":"https://source.android.com/docs/security/bulletin/android-14","name":"https://source.android.com/docs/security/bulletin/android-14","refsource":"MISC","tags":[],"title":"Android 14 Security Release Notes  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-21320","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-21320","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"21320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-21320","ASSIGNER":"security@android.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information disclosure"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Google","product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_affected":"=","version_value":"14"}]}}]}}]}},"references":{"reference_data":[{"url":"https://source.android.com/docs/security/bulletin/android-14","refsource":"MISC","name":"https://source.android.com/docs/security/bulletin/android-14"}]}},"nvd":{"publishedDate":"2023-10-30 17:15:00","lastModifiedDate":"2023-11-06 17:57:00","problem_types":["CWE-203"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndExcluding":"14.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}