Apache Cordova 3.5.0 Data Leak

2014.08.13
Risk: Low
Local: No
Remote: Yes
CWE: CWE-200


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

The following text is amended from the original that was sent on August 4th. More background information on this amendment can be found at http://cordova.apache.org/announcements/2014/08/06/android-351-update.html Android Platform Release: 04 Aug 2014 CVE-2014-3502: Cordova apps can potentially leak data to other apps via URL loading Severity: Medium Vendor: The Apache Software Foundation Versions Affected: Cordova Android versions up to 3.5.0 Description: Android applications built with the Cordova framework can launch other applications through the use of anchor tags, or by redirecting the webview to an Android intent URL. An attacker who can manipulate the HTML content of a Cordova application can create links which open other applications and send arbitrary data to those applications. An attacker who can run arbitrary JavaScript code within the context of the Cordova application can also set the document location to such a URL. By using this in concert with a second, vulnerable application, an attacker might be able to use this method to send data from the Cordova application to the network. The latest release of Cordova Android takes steps to block explicit Android intent urls, so that they can no longer be used to start arbitrary applications on the device. Implicit intents, including URLs with schemes such as "tel", "geo", and "sms" can still be used to open external applications by default, but this behaviour can be overridden by plugins. Upgrade path: Developers who are concerned about this should rebuild their applications with Cordova Android 3.5.1. Credit: This issue was discovered by David Kaplan and Roee Hay of IBM Security Systems.

References:

http://cordova.apache.org/announcements/2014/08/06/android-351-update.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top