Description

Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.

Remediation

References

http://www.securityfocus.com/bid/98365

https://lists.apache.org/thread.html/1f3e7b0319d64b455f73616f572acee36fbca31f87f5b2e509c45b69%40%3Cdev.cordova.apache.org%3E

Related Vulnerabilities

CVE-2019-16728 Vulnerability in maven package org.webjars.bowergithub.cure53:dompurify

CVE-2021-23374 Vulnerability in npm package ps-visitor

CVE-2018-9207 Vulnerability in maven package org.webjars.bowergithub.blueimp:jquery-file-upload

CVE-2022-1245 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2023-49210 Vulnerability in npm package openssl

Severity

High

Classification

CWE-532 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory VDB Entry