How severe is CVE-2023-33188?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2023-33188?

This is classified as CWE-441, which is a common weakness in software security.

CVE-2023-33188 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated, allowing malicious or compromised applications in the same device to force Omni-notes to copy files from its internal storage to its external storage directory, where they would have become accessible to any component with permission to read the external storage. Updating to the newest version (6.2.7) of Omni-notes Android fixes this vulnerability.

Related Vulnerabilities

CVE-2022-39349

MEDIUM

CVSS:5.5(Medium)

The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity `ShareLinkActivity.kt` to handle "share" intents coming from other components in the ...

CWE-4412022

CVE-2023-21082

MEDIUM

CVSS:5.5(Medium)

In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to enumerate other user's contact phone number due to a confused deputy. This could lead to local informati...

CWE-4412023

CVE-2025-25061

MEDIUM

CVSS:5.8(Medium)

Unintended proxy or intermediary ('Confused Deputy') issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermed...

CWE-4412025

CVE-2018-16598

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUD...

CWE-4412018

CVE-2019-3996

MEDIUM

CVSS:6.5(Medium)

ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests.

CWE-4412019

CVE-2020-5412

MEDIUM

CVSS:6.5(Medium)

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make request...

CWE-4412020