Vulnerability Description
Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Cordova | <= 5.2.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98365 (Third Party Advisory, VDB Entry)
- https://lists.apache.org/thread.html/1f3e7b0319d64b455f73616f572acee36fbca31f87f
FAQ
What is CVE-2016-6799?
CVE-2016-6799 is a vulnerability with a CVSS score of 7.5 (HIGH). Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a se...
How severe is CVE-2016-6799?
CVE-2016-6799 is rated HIGH, with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-6799?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Cordova.