CVE-2024-26131 (GCVE-0-2024-26131)
Vulnerability from cvelistv5
Published
2024-02-20 18:17
Modified
2024-08-01 23:59
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
  • CWE-940 - Improper Verification of Source of a Communication Channel
Summary
Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.
References
Impacted products
Vendor Product Version
element-hq element-android Version: >= 1.4.3, < 1.6.12
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26131",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-29T14:41:52.849097Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:14.189Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:59:32.646Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/element-hq/element-android/security/advisories/GHSA-j6pr-fpc8-q9vm",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/element-hq/element-android/security/advisories/GHSA-j6pr-fpc8-q9vm"
          },
          {
            "name": "https://github.com/element-hq/element-android/commit/53734255ec270b0814946350787393dfcaa2a5a9",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/element-hq/element-android/commit/53734255ec270b0814946350787393dfcaa2a5a9"
          },
          {
            "name": "https://element.io/blog/security-release-element-android-1-6-12",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://element.io/blog/security-release-element-android-1-6-12"
          },
          {
            "name": "https://support.google.com/faqs/answer/9267555?hl=en",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.google.com/faqs/answer/9267555?hl=en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "element-android",
          "vendor": "element-hq",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.4.3, \u003c 1.6.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-923",
              "description": "CWE-923: Improper Restriction of Communication Channel to Intended Endpoints",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-940",
              "description": "CWE-940: Improper Verification of Source of a Communication Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-20T18:17:01.583Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/element-hq/element-android/security/advisories/GHSA-j6pr-fpc8-q9vm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/element-hq/element-android/security/advisories/GHSA-j6pr-fpc8-q9vm"
        },
        {
          "name": "https://github.com/element-hq/element-android/commit/53734255ec270b0814946350787393dfcaa2a5a9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/element-hq/element-android/commit/53734255ec270b0814946350787393dfcaa2a5a9"
        },
        {
          "name": "https://element.io/blog/security-release-element-android-1-6-12",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://element.io/blog/security-release-element-android-1-6-12"
        },
        {
          "name": "https://support.google.com/faqs/answer/9267555?hl=en",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.google.com/faqs/answer/9267555?hl=en"
        }
      ],
      "source": {
        "advisory": "GHSA-j6pr-fpc8-q9vm",
        "discovery": "UNKNOWN"
      },
      "title": "Element Android Intent Redirection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-26131",
    "datePublished": "2024-02-20T18:17:01.583Z",
    "dateReserved": "2024-02-14T17:40:03.687Z",
    "dateUpdated": "2024-08-01T23:59:32.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Element Android Intent Redirection\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-923\", \"lang\": \"en\", \"description\": \"CWE-923: Improper Restriction of Communication Channel to Intended Endpoints\", \"type\": \"CWE\"}]}, {\"descriptions\": [{\"cweId\": \"CWE-940\", \"lang\": \"en\", \"description\": \"CWE-940: Improper Verification of Source of a Communication Channel\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"LOCAL\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 8.4, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/element-hq/element-android/security/advisories/GHSA-j6pr-fpc8-q9vm\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/element-hq/element-android/security/advisories/GHSA-j6pr-fpc8-q9vm\"}, {\"name\": \"https://github.com/element-hq/element-android/commit/53734255ec270b0814946350787393dfcaa2a5a9\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/element-hq/element-android/commit/53734255ec270b0814946350787393dfcaa2a5a9\"}, {\"name\": \"https://element.io/blog/security-release-element-android-1-6-12\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://element.io/blog/security-release-element-android-1-6-12\"}, {\"name\": \"https://support.google.com/faqs/answer/9267555?hl=en\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://support.google.com/faqs/answer/9267555?hl=en\"}], \"affected\": [{\"vendor\": \"element-hq\", \"product\": \"element-android\", \"versions\": [{\"version\": \"\u003e= 1.4.3, \u003c 1.6.12\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-02-20T18:17:01.583Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.\"}], \"source\": {\"advisory\": \"GHSA-j6pr-fpc8-q9vm\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-26131\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-29T14:41:52.849097Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:13.916Z\"}, \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-26131\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2024-02-14T17:40:03.687Z\", \"datePublished\": \"2024-02-20T18:17:01.583Z\", \"dateUpdated\": \"2024-06-04T17:48:14.189Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.