CVE-2020-11990: Improper Access Control

December 1, 2020 (updated December 7, 2020)

We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally.

References

cordova.apache.org/news/2020/09/18/camera-plugin-release.html
nvd.nist.gov/vuln/detail/CVE-2020-11990

Detect and mitigate CVE-2020-11990 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →