Home > Vulnerability Database > CVE-2020-11990

Mend.io Vulnerability Database

CVE-2020-11990

Good to know:

Date: December 1, 2020

We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally.

Language: Objective-C

Severity Score

3.3

Related Resources (4)

Url: http://jvn.jp/en/jp/JVN59779918/index.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-11990

Url: https://cordova.apache.org/news/2020/09/18/camera-plugin-release.html

Url: https://www.mend.io/vulnerability-database/CVE-2020-11990

Severity Score

3.3

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version cordova-plugin-camera - 5.0.0

Learn More

CVSS v3.1

Base Score:	3.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-11990

Good to know:

Date: December 1, 2020

Language: Objective-C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?