CVE-2016-6799

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Cordova Android
Vendor: CVE Published:; 9 May 2017

Summary

Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.

Affected Version(s)

Apache Cordova Android 5.2.2 and earlier

References

http://www.securityfocus.com/bid/98365

vdb-entryx_refsource_BID

https://lists.apache.org/thread.html/1f3e7b0319d64b455f73...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2017
Vulnerability Reserved
Aug 12, 2016