CVE-2023-21277 — In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privilege — CVE Database · The Intelligence Room