Vigil@nce - Cordova Android: two vulnerabilities
January 2016 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Cordova Android.
Impacted products: Android Applications not comprehensive.
Severity: 2/4.
Creation date: 24/11/2015.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Cordova Android.
An attacker can bypass security features in Whitelist, in order to
escalate his privileges with Cordova Android 3.7.2 and previous.
[severity:2/4; CVE-2015-5256]
An attacker can guess a BridgeSecret, in order to bypass an
authentication with Cordova Android 3.6.4 and previous.
[severity:2/4; CVE-2015-5257, CVE-2015-8320]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cordova-Android-two-vulnerabilities-18369