Lucene search
Mark WardNODEJS:964HistoryJun 13, 2019 - 7:36 p.m.
Information Exposure
2019-06-1319:36:52
Mark Ward
www.npmjs.com
10
0.001 Low
EPSS
Percentile
38.8%
Overview
Versions of cordova-android prior to 6.0.0 are vulnerable to Information Exposure through log files. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.
Recommendation
Upgrade to version 6.0.0 or later.
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| cordova-android | lt | 6.0.0 |
Related
cve
cve
CVE-2016-6799
2017-05-09 15:29:00
osv
osv
Information Exposure in cordova-android
2020-09-11 21:14:49
CVE-2016-6799
2017-05-09 15:29:00
nvd
nvd
CVE-2016-6799
2017-05-09 15:29:00
github
github
Information Exposure in cordova-android
2020-09-11 21:14:49
prion
prion
Code injection
2017-05-09 15:29:00
zdt
zdt
Apache Cordova Android 5.2.2 Information Leak Vulnerability
2017-05-11 00:00:00
cvelist
cvelist
CVE-2016-6799
2017-05-09 15:00:00
