Improper Authorization in teamamaze/amazefileutilities
Description
Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<1.91+ 1 more
- (no CPE)range: <1.91
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
Root cause
"The application did not properly clear intent flags and data when finishing an activity, potentially leading to unintended data exposure."
Attack vector
An attacker could trigger the vulnerability by interacting with the application in a way that causes the `WelcomePermissionScreen` activity to finish. This could involve a specific sequence of user actions or an indirect intent manipulation. The vulnerability lies in how the activity handles its own termination, specifically by not clearing sensitive information from the intent.
Affected code
The vulnerability exists in the `WelcomePermissionScreen` class, specifically within the `cancelWelcomeScreen` method. The provided patch modifies this method in the file `app/src/main/java/com/amaze/fileutilities/home_page/WelcomePermissionScreen.kt` [ref_id=1].
What the fix does
The patch modifies the `cancelWelcomeScreen` function within the `WelcomePermissionScreen` class. It now explicitly sets the intent's flags to -1 and clears the intent's data by setting it to null before finishing the activity. This ensures that any residual data or flags that could be misused are removed, preventing potential information leakage or unintended behavior upon activity termination [ref_id=1].
Generated on Jun 4, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2News mentions
0No linked articles in our index yet.