First published: Tue May 09 2017
Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Cordova | <=5.2.2 |
CVE-2016-6799 has been assigned a medium severity rating due to potential information disclosure risks.
To fix CVE-2016-6799, upgrade Apache Cordova Android to version 5.3.0 or later.
CVE-2016-6799 affects Apache Cordova Android version 5.2.2 and earlier.
CVE-2016-6799 involves the logging mechanism where sensitive information may be stored in circular buffers.
A temporary workaround for CVE-2016-6799 is to minimize sensitive information logged by the application.
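One way to apply the workaround above is to audit source code for calls to the five Log methods named in the description and flag those whose arguments mention sensitive-looking data. The Python script below is an added example, not code from the advisory or from Apache Cordova; the keyword list and the sample Java source are assumptions constructed for illustration.

```python
import re

# Assumption: identifier fragments treated as sensitive; tune per application.
SENSITIVE = re.compile(r"passw|token|secret|session|cookie|auth|credential", re.I)
# The five Log methods named in the advisory: Log.v/d/i/w/e.
LOG_CALL = re.compile(r"\bLog\.([vdiwe])\s*\(")

def call_args(src, start):
    """Return the argument text of a call whose '(' is at src[start-1],
    balancing parentheses and skipping double-quoted string literals."""
    depth, i, in_str = 1, start, False
    while i < len(src) and depth:
        c = src[i]
        if in_str:
            if c == "\\":
                i += 1              # skip the escaped character
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
        i += 1
    return src[start:i - 1]

def audit(src):
    """Return (line_number, level, args) for Log calls that mention sensitive data."""
    findings = []
    for m in LOG_CALL.finditer(src):
        args = call_args(src, m.end())
        if SENSITIVE.search(args):
            line = src.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1), " ".join(args.split())))
    return findings

# Constructed sample, not taken from any real application.
SAMPLE = '''class LoginPlugin {
  void login(String user, String password) {
    Log.d(TAG, "login start for " + user);
    Log.v(TAG, "credentials: " + user + ":" +
               password);
    Log.e(TAG, "request failed (" + code + ")");
    Log.i(TAG, "Set-Cookie: " + response.getHeader("Set-Cookie"));
  }
}'''

if __name__ == "__main__":
    for line, level, args in audit(SAMPLE):
        print(f"line {line}: Log.{level}({args})")
```

The match is a keyword heuristic, so each finding still needs a manual look before the log call is removed or redacted.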