Access Bypass Vulnerability in Apache Cordova iOS Product by The Apache Software Foundation
CVE-2015-5207

5.3MEDIUM

Key Information:

Vendor
Apache
Status
Cordova
Vendor
CVE Published:
9 May 2016

Summary

The Apache Cordova iOS product, prior to version 4.0.0, is susceptible to an access bypass vulnerability that enables attackers to circumvent a critical URL whitelist protection mechanism. This flaw can be exploited by leveraging unspecified methods to load arbitrary resources, potentially leading to unauthorized access or exposure of sensitive information. Developers are urged to update to the latest version to mitigate the risks associated with this vulnerability.

References

http://packetstormsecurity.com/files/136840/Apache-Cordov...
x_refsource_MISC
https://cordova.apache.org/announcements/2016/04/27/secur...
x_refsource_CONFIRM
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000058.html
third-party-advisoryx_refsource_JVNDB

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.