Vulnerabilities > CVE-2020-11990 - Unspecified vulnerability in Apache Cordova 4.1.0

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

apache

NVD

Published: 2020-12-01

Updated: 2022-01-01

Summary

We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Cordova 4.1.0	1

References

https://cordova.apache.org/news/2020/09/18/camera-plugin-release.html
http://jvn.jp/en/jp/JVN59779918/index.html