Security Issue in Camera Plugin for Cordova Android Applications
CVE-2020-11990

3.3LOW

Key Information:

Vendor: Apache
Status: Apache Cordova ( Cordova-plugin-camera )
Vendor: CVE Published:; 1 December 2020

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A security issue has been identified in the Camera Plugin for Cordova Android applications, which could allow attackers to access photos taken by the application. If a malicious Android application is installed by a user or they are tricked into installing it, the attacker may gain unauthorized access to sensitive images, compromising user privacy and data security. This vulnerability highlights the importance of secure application practices and user awareness.

Affected Version(s)

Apache Cordova ( cordova-plugin-camera ) [email protected] and below

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-11990-Cordova
Created by forse01

References

https://cordova.apache.org/news/2020/09/18/camera-plugin-...

x_refsource_MISC

http://jvn.jp/en/jp/JVN59779918/index.html

third-party-advisoryx_refsource_JVN

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Feb 4, 2021
👾
Exploit known to exist
Feb 4, 2021
Vulnerability published
Dec 1, 2020
Vulnerability Reserved
Apr 21, 2020