DerScanner
Home / Vulnerability Database / Config files : Missing component permission
Config files

Config files : Missing component permission

Classification

OWASP Top 10 2013
A5-Security Misconfiguration
OWASP Top 10 2017
A6-Security Misconfiguration
OWASP Top 10 2021
A5-Security Misconfiguration
HIPAA
§164.312 (a)(1)
CWE
CWE-250CWE-276CWE-732CWE-926CWE-1031
CWE/SANS Top 25 2011
CWE-250CWE-732
CWE/SANS Top 25 2021
CWE-276CWE-732

Overview

The manifest file of the application does not explicitly determine access control to the public object (android:permission="FriendsOnly").

Any application can access to the public objects that access control aren’t explicitly determined in the manifest file.

Default value of an exported attribute recives and service componetns of the application based on presence or absence of an intent-filter. Persence of an intent-filter determinates that this component is intented for external use and an exported sets to true.

References

  1. OWASP Top 10-2017 A6-Security Misconfiguration
  2. Component Security and Permissions
  3. Security tips
  4. CWE-926
  5. CWE CATEGORY: OWASP Top Ten 2017 Category A5 - Broken Access Control
MEDIUM

DerScanner Severity Score

Do you want to fix Config files : Missing component permission in your application?

See also

Config files

Config files : Text4Shell Vulnerability

Config files

Config files : Incorrect directory deletion

Config files

Config files : Code injection