CVE-2020-11990

3 documents3 sources

Severity

3.3LOW

EPSS

0.2%

top 63.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Cordova

Timeline

PublishedDec 1

Latest updateMay 24

Description

We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5apache_cordova_(_cordova-plugin-camera_)[email protected] and below

▶NVDapache/cordova4.1.0

🔴Vulnerability Details

GHSA

GHSA-m538-3c4g-4cx5: We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications↗2022-05-24

▶

CVEList

CVE-2020-11990: We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications↗2020-12-01

▶