Author: janpio
Date: Mon Nov 30 18:32:25 2020
New Revision: 1883958
URL: http://svn.apache.org/viewvc?rev=1883958&view=rev
Log:
Updated docs
Added:
cordova/site/public/news/2020/11/
cordova/site/public/news/2020/11/30/
cordova/site/public/news/2020/11/30/cve-2020-11990.html
Modified:
cordova/site/public/announcements/2020/10/02/cordova-electron-release-2.0.0.html
cordova/site/public/blog/index.html
cordova/site/public/feed.xml
cordova/site/public/sitemap.xml
Modified:
cordova/site/public/announcements/2020/10/02/cordova-electron-release-2.0.0.html
URL:
http://svn.apache.org/viewvc/cordova/site/public/announcements/2020/10/02/cordova-electron-release-2.0.0.html?rev=1883958&r1=1883957&r2=1883958&view=diff
==============================================================================
---
cordova/site/public/announcements/2020/10/02/cordova-electron-release-2.0.0.html
(original)
+++
cordova/site/public/announcements/2020/10/02/cordova-electron-release-2.0.0.html
Mon Nov 30 18:32:25 2020
@@ -274,11 +274,11 @@ cordova platform add [email protected]
</div>
<div class="col-sm-6">
- <a href="/2020/11/30/cve-2020-11990.html">Next</a>
+ <a href="/news/2020/11/30/cve-2020-11990.html">Next</a>
<br>
<br>
- <a class="title"
href="/2020/11/30/cve-2020-11990.html">Cve 2020 11990</a>
- <div class="date"> 30 Nov 2020 - By </div>
+ <a class="title"
href="/news/2020/11/30/cve-2020-11990.html">Security Advisory CVE-2020-11990</a>
+ <div class="date"> 30 Nov 2020 - By Jesse MacFadyen </div>
<p class="content">
<!--
NOTE:
@@ -291,7 +291,7 @@ cordova platform add [email protected]
Reference:
https://github.com/jekyll/jekyll/issues/2860
-->
- layout: post author: name: Jesse MacFadyen title:
"Security Advisory CVE-2020-11990" categories: news...
+ We have resolved a security issue in the camera plugin
that could...
</p>
</div>
Modified: cordova/site/public/blog/index.html
URL:
http://svn.apache.org/viewvc/cordova/site/public/blog/index.html?rev=1883958&r1=1883957&r2=1883958&view=diff
==============================================================================
--- cordova/site/public/blog/index.html (original)
+++ cordova/site/public/blog/index.html Mon Nov 30 18:32:25 2020
@@ -128,31 +128,21 @@
<header>
<div class="adorner" blogTime="Mon, 30 Nov 2020 00:00:00
+0000"></div>
<h2 class="title">
- <a href="/2020/11/30/cve-2020-11990.html">Cve 2020
11990</a>
+ <a
href="/news/2020/11/30/cve-2020-11990.html">Security Advisory CVE-2020-11990</a>
</h2>
<div class="details">
<span class="date">30 Nov 2020</span>
- by
<span class="author">
-
+ Jesse MacFadyen
</span>
- <a class="comment"
href="/2020/11/30/cve-2020-11990.html#disqus_thread"></a>
+ <a class="comment"
href="/news/2020/11/30/cve-2020-11990.html#disqus_thread"></a>
</div>
</header>
<section class="post-excerpt">
- <p><hr>
-
-<p>layout: post
-author:
- name: Jesse MacFadyen
-title: "Security Advisory CVE-2020-11990"
-categories: news</p>
-
-<h2>tags: security advisory</h2>
-
-<p>We have resolved a security issue in the camera plugin that could have
affected certain Cordova (Android) applications.</p>
+ <p><p>We have resolved a security issue in the camera
plugin that could have affected certain Cordova (Android) applications.</p>
<p><strong>CVE-2020-11990:</strong> Apache Cordova Plugin camera vulnerable to
information disclosure</p>
@@ -197,7 +187,7 @@ categories: news</p>
<p><strong>Credit:</strong> JPCERT/CC Vulnerability Coordination Group.
(JVN#59779918)</p>
</p>
- <div><a
href="/2020/11/30/cve-2020-11990.html">More...</a></div>
+ <div><a
href="/news/2020/11/30/cve-2020-11990.html">More...</a></div>
</section>
</li>
Modified: cordova/site/public/feed.xml
URL:
http://svn.apache.org/viewvc/cordova/site/public/feed.xml?rev=1883958&r1=1883957&r2=1883958&view=diff
==============================================================================
--- cordova/site/public/feed.xml (original)
+++ cordova/site/public/feed.xml Mon Nov 30 18:32:25 2020
@@ -6,23 +6,13 @@
</description>
<link>https://cordova.apache.org/</link>
<atom:link href="https://cordova.apache.org/feed.xml"; rel="self"
type="application/rss+xml"/>
- <pubDate>Mon, 30 Nov 2020 17:47:38 +0000</pubDate>
- <lastBuildDate>Mon, 30 Nov 2020 17:47:38 +0000</lastBuildDate>
+ <pubDate>Mon, 30 Nov 2020 18:15:13 +0000</pubDate>
+ <lastBuildDate>Mon, 30 Nov 2020 18:15:13 +0000</lastBuildDate>
<generator>Jekyll v2.5.3</generator>
<item>
- <title>Cve 2020 11990</title>
- <description><hr>
-
-<p>layout: post
-author:
- name: Jesse MacFadyen
-title: &quot;Security Advisory CVE-2020-11990&quot;
-categories: news</p>
-
-<h2>tags: security advisory</h2>
-
-<p>We have resolved a security issue in the camera plugin that could
have affected certain Cordova (Android) applications.</p>
+ <title>Security Advisory CVE-2020-11990</title>
+ <description><p>We have resolved a security issue in the camera
plugin that could have affected certain Cordova (Android)
applications.</p>
<p><strong>CVE-2020-11990:</strong> Apache Cordova Plugin
camera vulnerable to information disclosure</p>
@@ -68,9 +58,15 @@ categories: news</p>
<p><strong>Credit:</strong> JPCERT/CC Vulnerability
Coordination Group. (JVN#59779918)</p>
</description>
<pubDate>Mon, 30 Nov 2020 00:00:00 +0000</pubDate>
- <link>https://cordova.apache.org/2020/11/30/cve-2020-11990.html</link>
- <guid
isPermaLink="true">https://cordova.apache.org/2020/11/30/cve-2020-11990.html</guid>
+
<link>https://cordova.apache.org/news/2020/11/30/cve-2020-11990.html</link>
+ <guid
isPermaLink="true">https://cordova.apache.org/news/2020/11/30/cve-2020-11990.html</guid>
+
+ <category>security</category>
+
+ <category>advisory</category>
+
+ <category>news</category>
</item>
Added: cordova/site/public/news/2020/11/30/cve-2020-11990.html
URL:
http://svn.apache.org/viewvc/cordova/site/public/news/2020/11/30/cve-2020-11990.html?rev=1883958&view=auto
==============================================================================
--- cordova/site/public/news/2020/11/30/cve-2020-11990.html (added)
+++ cordova/site/public/news/2020/11/30/cve-2020-11990.html Mon Nov 30 18:32:25
2020
@@ -0,0 +1,320 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8">
+ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <meta name="format-detection" content="telephone=no">
+ <meta name="viewport" content="user-scalable=no, initial-scale=1,
maximum-scale=1, minimum-scale=1, width=device-width" />
+ <meta name="description" content="We have resolved a security issue in the
camera plugin that could have affected certain Cordova (Android)
applications.CVE-2020-11990: Apache Cordova Plugin ...">
+
+ <title>
+
+
+ Security Advisory CVE-2020-11990 - Apache Cordova
+
+
+ </title>
+
+ <link rel="SHORTCUT ICON" href="/favicon.ico"/>
+
+
+
+
+
+
+ <link rel="canonical"
href="https://cordova.apache.org/news/2020/11/30/cve-2020-11990.html";>
+
+ <!-- CSS -->
+ <link rel="stylesheet" type="text/css" href="/static/css/main.css">
+ <link rel="stylesheet" type="text/css" href="/static/css/lib/syntax.css">
+ <!-- Algolia Search CSS -->
+ <link rel="stylesheet"
href="https://cdn.jsdelivr.net/docsearch.js/1/docsearch.min.css"; />
+
+ <!-- Fonts -->
+ <!-- For attribution information, see www/attributions.html -->
+ <link
href='https://fonts.googleapis.com/css?family=Raleway:700,400,300,700italic,400italic,300italic'
rel='stylesheet' type='text/css'>
+
+ <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media
queries -->
+ <!--[if lt IE 9]>
+ <script
src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js";></script>
+ <script
src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js";></script>
+ <![endif]-->
+ <script type="text/javascript">
+ var disqus_developer = 1; // this would set it to developer mode
+ </script>
+
+ <!-- JS -->
+ <script defer type="text/javascript"
src="/static/js/lib/jquery-2.1.1.min.js"></script>
+ <script defer type="text/javascript"
src="/static/js/lib/bootstrap.min.js"></script>
+
+ <script>
+
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
+ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new
Date();a=s.createElement(o),
+
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
+
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
+ ga('create', 'UA-64283057-3', 'auto');
+ ga('send', 'pageview');
+</script>
+
+</head>
+
+<body>
+ <header>
+ <a class="scroll-point pt-top" name="top"></a>
+ <nav class="navbar navbar-inverse navbar-fixed-top">
+ <div class="container-fluid">
+ <div class="navbar-header">
+ <button type="button" class="navbar-toggle collapsed"
data-toggle="collapse" data-target="#navbar" aria-expanded="false"
aria-controls="navbar">
+ <span class="sr-only">Toggle navigation</span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ </button>
+ <a class="navbar-brand" href="/"><img id="logo_top"
src="/static/img/cordova-logo-newbrand.svg"/></a>
+ </div>
+ <div id="navbar" class="navbar-collapse collapse">
+ <div class="nav_bar_center">
+ <ul class="nav navbar-nav">
+ <li >
+ <a href="/docs/en/latest/">Documentation</a>
+ </li>
+ <li >
+ <a href="/plugins">Plugins</a>
+ </li>
+ <li class="active">
+ <a href="/blog" id="blog_button">Blog<span
class="badge" id="new_blog_count"></span></a>
+ </li>
+ <li >
+ <a href="/contribute">Contribute</a>
+ </li>
+ <li >
+ <a href="/contribute/team.html">Team</a>
+ </li>
+ <li>
+ <a href="/#getstarted">Get Started</a>
+ </li>
+ <li>
+ <form class="navbar-form navbar-right"
id="header-search-form" role="search">
+ <div class="input-group">
+
+
+
+ <input id="header-search-field"
type="text" placeholder="Search '9.x' docs..." class="form-control hidden-xs"
autocomplete="off">
+ </div>
+ </form>
+ </li>
+ </ul>
+ </div>
+ </div><!--/.navbar-collapse -->
+ </div>
+ </nav>
+ <div id="_fixed_navbar_spacer" style="padding-top:50px"></div>
+</header>
+
+<div class="page container">
+ <div class="blog">
+ <h1 class="blogHeader">
+ Blog
+ <span class="rss">
+ <img src="/static/img/subscribe.png"><a href="/feed.xml">RSS Feed</a>
+ </span>
+</h1>
+
+<div class="post">
+ <header>
+ <div class="title">Security Advisory CVE-2020-11990</div>
+ <div class="author">By:
+
+ Jesse MacFadyen
+
+ </div>
+ <div class="date">30 Nov 2020</div>
+ </header>
+ <section>
+ <div>
+ <p>We have resolved a security issue in the camera plugin that
could have affected certain Cordova (Android) applications.</p>
+
+<p><strong>CVE-2020-11990:</strong> Apache Cordova Plugin camera vulnerable to
information disclosure</p>
+
+<p><strong>Type of Vulnerability:</strong></p>
+
+<p>CWE-200: Exposure of Sensitive Information to an Unauthorized Actor</p>
+
+<p><strong>Severity:</strong> Low</p>
+
+<p><strong>Vendor:</strong> The Apache Software Foundation</p>
+
+<p><strong>Possible attackers condition:</strong></p>
+
+<p>An attacker who can install (or lead the victim to install) the specially
crafted (or malicious) Android application. Android documentation describes the
external cache location as application specific, however,
+<em>"There is no security enforced with these files. For example, any
application holding Manifest.permission.WRITE</em>EXTERNAL<em>STORAGE can write
to these files."</em>
+( and thereby read )</p>
+
+<p><strong>Possible victims:</strong></p>
+
+<p>Android users that take pictures with an Apache Cordova based application
and attached removable storage.</p>
+
+<p><strong>Possible Impacts:</strong></p>
+
+<ul>
+<li>Confidentiality is breached.</li>
+<li>The image file (photo) taken by the Android apps that was developed using
the Apache Cordova camera plugin will be disclosed.</li>
+</ul>
+
+<p><strong>Versions Affected:</strong></p>
+
+<p>Cordova Android applications using the Camera plugin</p>
+
+<p>( cordova-plugin-camera version 4.1.0 and below )</p>
+
+<p><strong>Upgrade path:</strong></p>
+
+<p>Developers who are concerned about this issue should install version 5.0.0
or higher of cordova-plugin-camera</p>
+
+<p><strong>Mitigation Steps:</strong></p>
+
+<p>Upgrade plugin and rebuild application, update deployments.</p>
+
+<p><strong>Credit:</strong> JPCERT/CC Vulnerability Coordination Group.
(JVN#59779918)</p>
+
+ </div>
+ </section>
+ <footer>
+ <div class="row">
+ <div class="col-sm-6">
+
+ <a
href="/announcements/2020/10/02/cordova-electron-release-2.0.0.html">Previous</a>
+ <br>
+ <br>
+ <a class="title"
href="/announcements/2020/10/02/cordova-electron-release-2.0.0.html">Cordova
Electron 2.0.0 Released!</a>
+ <div class="date"> 02 Oct 2020 - By Bryan Ellis </div>
+ <p class="content">
+ We are happy to announce that we have just released
Cordova Electron...
+ </p>
+
+ </div>
+ <div class="col-sm-6">
+
+ </div>
+ </div>
+ </footer>
+ <div class="disqus">
+ <div id="disqus_thread"></div>
+<script type="text/javascript">
+ /* * * CONFIGURATION VARIABLES * * */
+ var disqus_shortname = 'cordovablogs';
+
+ /* * * DON'T EDIT BELOW THIS LINE * * */
+ (function() {
+ var dsq = document.createElement('script'); dsq.type =
'text/javascript'; dsq.async = true;
+ dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js';
+ (document.getElementsByTagName('head')[0] ||
document.getElementsByTagName('body')[0]).appendChild(dsq);
+ })();
+</script>
+<noscript>Please enable JavaScript to view the <a
href="https://disqus.com/?ref_noscript"; rel="nofollow">comments powered by
Disqus.</a></noscript>
+
+ </div>
+</div>
+
+</div>
+
+</div>
+
+<div class="blue-divider"></div>
+<footer>
+ <div class="container">
+ <div class="row">
+ <div class="col-sm-9">
+ <h1>More Resources</h1>
+ <div class="row">
+ <div class="col-sm-4">
+ <h2>General</h2>
+ <ul class="nav">
+ <li>
+ <a target="_blank"
href="https://projects.apache.org/project.html?cordova";>Apache Project Page</a>
+ </li>
+ <li>
+ <a
href="http://www.apache.org/dyn/closer.cgi/cordova";>Source Distribution</a>
+ </li>
+ <li>
+ <a target="_blank"
href="http://www.apache.org/licenses/LICENSE-2.0";>License</a>
+ </li>
+ <li>
+ <a href="/artwork">Artwork</a>
+ </li>
+ </ul>
+ </div>
+ <div class="col-sm-4">
+ <h2>Development</h2>
+ <ul class="nav">
+ <li><a target="_blank"
href="https://github.com/apache?utf8=%E2%9C%93&q=cordova-";>Source
Code</a></li>
+ <li><a target="_blank"
href="https://issues.apache.org/jira/browse/CB/";>Issue Tracker</a></li>
+ <li><a target="_blank"
href="http://stackoverflow.com/questions/tagged/cordova";>Stack Overflow</a></li>
+ <li><a href="/contact">Mailing List</a></li>
+ <li><a href="/contribute/nightly_builds.html">Nightly
builds</a></li>
+ </ul>
+ </div>
+ <div class="col-sm-4">
+ <h2>Apache Software Foundation</h2>
+ <ul class="nav">
+ <li>
+ <a target="_blank" href="http://www.apache.org/";>About
ASF</a>
+ </li>
+ <li>
+ <a target="_blank"
href="http://www.apache.org/foundation/sponsorship.html";>Become a Sponsor</a>
+ </li>
+ <li>
+ <a target="_blank"
href="http://www.apache.org/foundation/thanks.html";>Thanks</a>
+ </li>
+ <li>
+ <a target="_blank"
href="http://www.apache.org/security/";>Security</a>
+ </li>
+ </ul>
+ </div>
+ </div>
+ </div>
+ <div class="col-sm-3">
+ <h1>Contribute</h1>
+ <p style="padding-top:20px"><strong>Help Cordova move
forward!</strong></p>
+ <p>Report bugs, improve the docs, or contribute to the code.</p>
+ <a href="/contribute" class="btn btn-lg btn-primary">
+ Learn More
+ </a>
+ <p style="padding-top:20px"> <a
href="https://twitter.com/apachecordova"; class="twitter-follow-button"
data-show-count="false">Follow @apachecordova</a></p>
+ <script async defer
src="https://slack-cordova-io.herokuapp.com/slackin.js";></script>
+ </div>
+</div>
+<p class="copyright_text">
+ Copyright © 2012, 2013, 2015 The Apache Software Foundation, Licensed
under the <a target="_blank"
href="http://www.apache.org/licenses/LICENSE-2.0";>Apache License, Version
2.0</a>.<br/>
+ Apache and the Apache feather logos are <a target="_blank"
href="http://www.apache.org/foundation/marks/list/";>trademarks</a> of The
Apache Software Foundation.
+ <br/>
+ "Raleway" font used under license. For details see the <a
href="/attributions/">attributions page</a>.
+</p>
+
+ </div>
+</footer>
+
+
+ <script defer type="text/javascript" src="/static/js/index.js"></script>
+ <script defer type="text/javascript" src="/static/js/twitter.js"></script>
+
+
+
+
+
+
+
+
+<script type="text/javascript"
src="https://cdn.jsdelivr.net/docsearch.js/1/docsearch.min.js";></script>
+<script type="text/javascript">
+ docsearch({
+ apiKey: '0a916ab198bd93d031aa70611271e42e',
+ indexName: 'cordova',
+ inputSelector: '#header-search-field',
+ algoliaOptions: { 'facetFilters': ["version: 9.x", "language: en"] }
+ });
+</script>
+
+</body>
+</html>
Modified: cordova/site/public/sitemap.xml
URL:
http://svn.apache.org/viewvc/cordova/site/public/sitemap.xml?rev=1883958&r1=1883957&r2=1883958&view=diff
==============================================================================
--- cordova/site/public/sitemap.xml (original)
+++ cordova/site/public/sitemap.xml Mon Nov 30 18:32:25 2020
@@ -4,7 +4,7 @@
<!-- posts -->
<url>
- <loc>https://cordova.apache.org/2020/11/30/cve-2020-11990.html</loc>
+ <loc>https://cordova.apache.org/news/2020/11/30/cve-2020-11990.html</loc>
</url>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
