CVE-2024-26131

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-26131
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26131.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-26131
Related
  • GHSA-j6pr-fpc8-q9vm
Published
2024-02-29T01:44:17Z
Modified
2025-02-16T00:54:07.841571Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.

References

Affected packages

Git / github.com/element-hq/element-android

Affected ranges

Type
GIT
Repo
https://github.com/element-hq/element-android
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

Other

riot-android-beta-0-91-0
riot-android-beta-0-91-1
riot-android-beta-0-91-2

v0.*

v0.1.0
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.14.1
v0.14.2
v0.14.3
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.18.1
v0.19.0
v0.2.0
v0.20.0
v0.21.0
v0.22.0
v0.3.0
v0.4.0
v0.5.0
v0.6.0
v0.6.1
v0.7.0
v0.8.0
v0.9.0
v0.9.1
v0.91.3-beta
v0.91.4-beta
v0.91.5

v1.*

v1.0.0
v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.15
v1.0.16
v1.0.17
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.1.10
v1.1.11
v1.1.12
v1.1.13
v1.1.14
v1.1.15
v1.1.16
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.1.8
v1.1.9
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v1.3.1
v1.3.10
v1.3.11
v1.3.12
v1.3.13
v1.3.14
v1.3.15
v1.3.16
v1.3.17
v1.3.18
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.7-RC2
v1.3.8
v1.3.9
v1.4.0
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.16
v1.4.18
v1.4.19
v1.4.2
v1.4.20
v1.4.22
v1.4.24
v1.4.25
v1.4.26
v1.4.27
v1.4.27-RC2
v1.4.28
v1.4.30
v1.4.31
v1.4.32
v1.4.34
v1.4.36
v1.4.4
v1.4.6
v1.4.7
v1.4.8
v1.5.0
v1.5.1
v1.5.10
v1.5.11
v1.5.12
v1.5.13
v1.5.14
v1.5.16
v1.5.18
v1.5.2
v1.5.20
v1.5.22
v1.5.24
v1.5.25
v1.5.26
v1.5.28
v1.5.30
v1.5.32
v1.5.4
v1.5.6
v1.5.7
v1.5.8
v1.6.0
v1.6.1
v1.6.10
v1.6.2
v1.6.3
v1.6.5
v1.6.6
v1.6.8