What is the severity of CVE-2017-3160?

CVE-2017-3160 is considered to have a medium severity level due to the potential for a Man-in-the-Middle (MitM) attack.

How do I fix CVE-2017-3160?

To fix CVE-2017-3160, you should update your Apache Cordova Android version to 6.1.3 or later, where the vulnerability is addressed.

What types of attacks does CVE-2017-3160 make vulnerable?

CVE-2017-3160 makes systems vulnerable to Man-in-the-Middle (MitM) attacks during the Gradle fetch process.

Which versions of Apache Cordova Android are affected by CVE-2017-3160?

CVE-2017-3160 affects Apache Cordova Android versions earlier than 6.1.3.

Is CVE-2017-3160 specific to certain Android devices?

CVE-2017-3160 is a vulnerability that affects any Android application built using affected versions of Apache Cordova.

Vulnerability/
CVE-2017-3160

high

7.4

1/2/2018

16/9/2024

CVE-2017-3160

First published: Thu Feb 01 2018(Updated: )

After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts immediately start a build after Gradle has been fetched. Developers who are concerned about this issue should install version 6.1.2 or higher of Cordova-Android. If developers are unable to install the latest version, this vulnerability can easily be mitigated by setting the CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL environment variable to https://services.gradle.org/distributions/gradle-2.14.1-all.zip

Credit: security@apache.org

Affected Software	Affected Version	How to fix
Apache Cordova	<6.1.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-3160?
CVE-2017-3160 is considered to have a medium severity level due to the potential for a Man-in-the-Middle (MitM) attack.
How do I fix CVE-2017-3160?
To fix CVE-2017-3160, you should update your Apache Cordova Android version to 6.1.3 or later, where the vulnerability is addressed.
What types of attacks does CVE-2017-3160 make vulnerable?
CVE-2017-3160 makes systems vulnerable to Man-in-the-Middle (MitM) attacks during the Gradle fetch process.
Which versions of Apache Cordova Android are affected by CVE-2017-3160?
CVE-2017-3160 affects Apache Cordova Android versions earlier than 6.1.3.
Is CVE-2017-3160 specific to certain Android devices?
CVE-2017-3160 is a vulnerability that affects any Android application built using affected versions of Apache Cordova.

agent/type
agent/softwarecombine
agent/author
agent/references
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/apache
canonical/apache cordova

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.