
CVE-2016-6799

 

  • Severity Score (CVSS v3): 7.5
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -
Descriptions

Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2016-08-12 CVE Reserved
  • 2017-05-09 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-532: Insertion of Sensitive Information into Log File
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Apache | Cordova | <= 5.2.2 | android | Affected