CVE-2016-6799

CWE-532Log File Information Exposure4 documents4 sources
Severity
7.5HIGH
EPSS
0.5%
top 35.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache CordovaApache Software Foundation Apache Cordova Android
Timeline
PublishedMay 9
Latest updateSep 11

Description

Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any applica

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

npmcordova-android< 6.0.0
NVDapache/cordova5.2.2

🔴Vulnerability Details

3
OSV
Information Exposure in cordova-android2020-09-11
GHSA
Information Exposure in cordova-android2020-09-11
CVEList
CVE-2016-6799: Product: Apache Cordova Android 52017-05-09
CVE-2016-6799 (HIGH CVSS 7.5) | Product: Apache Cordova Android 5.2 | cvebase.io