CVE-2018-1000123

Source
https://cve.org/CVERecord?id=CVE-2018-1000123
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000123.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1000123
Published
2018-03-13T21:29:00.273Z
Modified
2026-07-08T14:58:16.057855Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files (CWE-532) vulnerability in CDVKeychain.m that can result in login, password and other sensitive data leakage. This attack appear to be exploitable via Attacker must have access to victim's iOS logs. This vulnerability appears to have been fixed in after commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf.

References

Affected packages

Git / github.com/ionic-team/cordova-plugin-ios-keychain

Affected ranges

Type
GIT
Repo
https://github.com/ionic-team/cordova-plugin-ios-keychain
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "cpe": "cpe:2.3:a:ionicframework:ios_keychain:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0.0"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

1.*
1.0.0
2.*
2.0.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000123.json"