CVE-2020-11990

low-risk

Published 2020-12-01

We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally.

Do I need to act?

0.16% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.3/10 Low

LOCAL / LOW complexity

Affected Products (1)

Cordova

Affected Vendors

Apache

References (4)

Third Party Advisory http://jvn.jp/en/jp/JVN59779918/index.html

Release Notes https://cordova.apache.org/news/2020/09/18/camera-plugin-release.html

Third Party Advisory http://jvn.jp/en/jp/JVN59779918/index.html

Release Notes https://cordova.apache.org/news/2020/09/18/camera-plugin-release.html

/ 100

low-risk

Severity 13/34 · Low

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal