Element
CVE-2024-26131
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.
AnalysisAI
Element Android is an Android Matrix Client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-923. Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue. Affected products include: Element. Version information: version 1.4.3.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely explo
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. Rated critical sever
Element iOS is an iOS Matrix client provided by Element. Rated medium severity (CVSS 6.5), this vulnerability is remotel
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any O
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the full
Element Android is an Android Matrix Client provided by Element. Rated medium severity (CVSS 5.1), this vulnerability is
Element Android is an Android Matrix Client. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
Share
External POC / Exploit Code
Leaving vuln.today