PT-2019-6167 · Apache Cordova · Cordova-Plugin-Ionic-Webview

Gaku Mochizuki +1 · Published 2019-01-09 · Updated 2019-10-15 · CVE-2018-16202

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: cordova-plugin-ionic-webview versions prior to 2.2.0

Description: cordova-plugin-ionic-webview contains a directory traversal vulnerability that allows remote attackers to access arbitrary files via unspecified vectors. The vulnerability is due to insufficient restrictions on directory path names, enabling a remote attacker to access local files that should be inaccessible to third-party applications. The package launches a web server listening on http://localhost:8080 without restricting access, which makes it possible to escape the iOS application sandbox and access local files.

Recommendations: Upgrade to version 2.2.0

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2022-01019
CVE-2018-16202
GHSA-XWJH-CP99-CJ8Q

Affected Products

Cordova-Plugin-Ionic-Webview