CVE-2023-21288 — In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileg — CVE Database · The Intelligence Room