CVE-2016-6799

{"id": "CVE-2016-6799", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-05-09T15:29:00.203", "references": [{"url": "http://www.securityfocus.com/bid/98365", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/1f3e7b0319d64b455f73616f572acee36fbca31f87f5b2e509c45b69%40%3Cdev.cordova.apache.org%3E", "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications."}, {"lang": "es", "value": "Producto: Apache Cordova Android versiones 5.2.2 y anteriores. La aplicaci\u00f3n llama a los m\u00e9todos de la clase Log. Los mensajes pasados hacia estos m\u00e9todos (Log.v(), Log.d(), Log.i(), Log.w(), y Log.e()) son almacenados en una serie de b\u00faferes circulares en el dispositivo. Por defecto, se guardan un m\u00e1ximo de cuatro registros rotatorios de 16 KB adem\u00e1s del registro actual. Los datos registrados pueden ser le\u00eddos con Logcat en el dispositivo. Cuando se usan plataformas anteriores a Android versi\u00f3n 4.1 (Jelly Bean), los datos de registro no son procesados por un sandbox por aplicaci\u00f3n; cualquier aplicaci\u00f3n instalada en el dispositivo tiene la capacidad de leer los datos registrados mediante otras aplicaciones."}], "lastModified": "2023-11-07T02:34:07.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:cordova:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "C5AF4A21-17E3-492A-BEA9-73C891342BAD", "versionEndIncluding": "5.2.2"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}