GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Google
Apple
Information Disclosure
Google Apple Exposure Notifications
NVD
CVSS 3.1
3.3
EPSS
0.1%