CVE-2018-1000123
First published: Tue Mar 13 2018(Updated: )
Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files (CWE-532) vulnerability in CDVKeychain.m that can result in login, password and other sensitive data leakage. This attack appear to be exploitable via Attacker must have access to victim's iOS logs. This vulnerability appears to have been fixed in after commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ionic Framework | <=2.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-1000123?
CVE-2018-1000123 is classified as having a high severity due to its potential for sensitive data leakage.
How do I fix CVE-2018-1000123?
To fix CVE-2018-1000123, update the Ionic Team Cordova iOS Keychain plugin to a version later than commit 18233ca.
What types of data are affected by CVE-2018-1000123?
CVE-2018-1000123 can lead to the leakage of sensitive data such as login credentials and passwords.
Which versions of the Ionic Team Cordova iOS Keychain plugin are vulnerable to CVE-2018-1000123?
Versions of the Ionic Team Cordova iOS Keychain plugin prior to 2.0.0 are vulnerable to CVE-2018-1000123.
Is CVE-2018-1000123 still exploitable in newer versions?
No, CVE-2018-1000123 is not exploitable in versions of the plugin released after the fix was applied.
- agent/type
- agent/softwarecombine
- agent/severity
- agent/references
- agent/remedy
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ionicframework
- canonical/ionic framework
- version/ionic framework/2.0.0