Published:2018/12/21  Last Updated:2018/12/21

JVN#69812763
cordova-plugin-ionic-webview vulnerable to path traversal

Overview

cordova-plugin-ionic-webview provided by npm, Inc. contains a path traversal vulnerability.

Products Affected

  • cordova-plugin-ionic-webview versions prior to 2.2.0
According to nmp, Inc. below versions are not affected by this vulnerability.
  • 2.0.0-beta.0
  • 2.0.0-beta.1
  • 2.0.0-beta.2
  • 2.1.0-0

Description

cordova-plugin-ionic-webview provided by npm, Inc. contains a path traversal vulnerability (CWE-22) .

Impact

A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device.  As a result, contents of the file may be disclosed.

Solution

Recreate iOS application incorporating the latest version of cordova-plugin-ionic-webview
This vulnerability has been addressed in cordova-plugin-ionic-webview 2.2.0 and upper versions.
The developers of iOS applications using cordova-plugin-ionic-webview are recommended to recreate the applications incorporating the latest version of cordova-plugin-ionic-webview to resolve this vulnerability.

Vendor Status

Vendor Link
npm, Inc. Path Traversal cordova-plugin-ionic-webview
ionic-team Github: ionic-team/cordova-plugin-ionic-webview

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Base Score: 4.7
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
CVSS v2 AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score: 4.3
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)

Credit

This vulnerability was first reported to npm, Inc. by the below reporters then also reported to IPA. Based on the coordination request made by the reporters, JPCERT/CC coordinated with npm, Inc. and published this advisory on JVN.

Reporters: Tatsuya Sakamto and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2018-16202
JVN iPedia JVNDB-2018-000133