{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-10T16:58:57.344","vulnerabilities":[{"cve":{"id":"CVE-2022-20458","sourceIdentifier":"security@android.com","published":"2023-01-26T21:15:26.967","lastModified":"2025-04-02T15:15:44.183","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The logs of sensitive information (PII) or hardware identifier should only be printed in Android \"userdebug\" or \"eng\" build. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java, it prints out the StatusBarNotification.getKey() directly in logs, which could contain user's account name (i.e. PII), in Android \"user\" build.Product: AndroidVersions: Android-12LAndroid ID: A-205567776"},{"lang":"es","value":"Los registros de información confidencial (PII) o el identificador de hardware solo deben imprimirse en la compilación \"userdebug\" o \"eng\" de Android. StatusBarNotification.getKey() podría contener información confidencial. Sin embargo, CarNotificationListener.java imprime StatusBarNotification.getKey() directamente en los registros, que podrían contener el nombre de la cuenta del usuario (es decir, PII), en la compilación del \"usuario\" de Android. Producto: Versiones de Android: Android-12LID de Android: A-205567776"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*","matchCriteriaId":"C64C1583-CDE0-4C1F-BDE6-05643C1BDD72"}]}]}],"references":[{"url":"https://source.android.com/security/bulletin/aaos/2023-01-01","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"https://source.android.com/security/bulletin/aaos/2023-01-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}