CVE-2024-26132
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-26132
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26132.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-26132
- Related
- Published
- 2024-02-29T01:44:17Z
- Modified
- 2025-05-19T10:17:22.525869Z
- Severity
-
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the
filesdirectory in the application's private data directory to an arbitrary room. The impact of the attack is reduced by the fact that the databases stored in this folder are encrypted. However, it contains some other potentially sensitive information, such as the FCM token. Forks of Element Android which have setandroid:exported="false"in theAndroidManifest.xmlfile for theIncomingShareActivityactivity are not impacted. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue. - References
Affected packages
Git / github.com/element-hq/element-android
Affected ranges
- Type
- GIT
- Repo
- https://github.com/element-hq/element-android
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
- Type
- GIT
- Repo
- https://github.com/vector-im/element-ios
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
before_privacy_merge
riot-android-beta-0-91-0
riot-android-beta-0-91-1
riot-android-beta-0-91-2
test0.*
test0.0.1
v0.*
v0.1.0
v0.1.1
v0.1.10
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.8
v0.1.9
v0.1.x
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.0
v0.11.1
v0.11.2
v0.11.3
v0.11.4
v0.11.5
v0.11.6
v0.12.0
v0.13.0
v0.14.0
v0.14.1
v0.14.2
v0.14.3
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.18.1
v0.19.0
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.20.0
v0.21.0
v0.22.0
v0.3.0
v0.3.10
v0.3.11
v0.3.12
v0.3.13
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.3.9
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.6.0
v0.6.1
v0.6.10
v0.6.11
v0.6.12
v0.6.13
v0.6.14
v0.6.15
v0.6.16
v0.6.17
v0.6.18
v0.6.19
v0.6.2
v0.6.20
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.6.8
v0.6.9
v0.7.0
v0.7.1
v0.7.10
v0.7.11
v0.7.2
v0.7.3
v0.7.4
v0.7.5
v0.7.6
v0.7.7
v0.7.8
v0.7.9
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.91.3-beta
v0.91.4-beta
v0.91.5
v1.*
v1.0.0
v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.15
v1.0.16
v1.0.17
v1.0.18
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.0
v1.1.1
v1.1.10
v1.1.11
v1.1.12
v1.1.13
v1.1.14
v1.1.15
v1.1.16
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.1.8
v1.1.9
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.2.8
v1.3.0
v1.3.1
v1.3.10
v1.3.11
v1.3.12
v1.3.13
v1.3.14
v1.3.15
v1.3.16
v1.3.17
v1.3.18
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.7-RC2
v1.3.8
v1.3.9
v1.4.0
v1.4.10
v1.4.11
v1.4.12
v1.4.13
v1.4.14
v1.4.16
v1.4.18
v1.4.19
v1.4.2
v1.4.20
v1.4.22
v1.4.24
v1.4.25
v1.4.26
v1.4.27
v1.4.27-RC2
v1.4.28
v1.4.3
v1.4.30
v1.4.31
v1.4.32
v1.4.34
v1.4.36
v1.4.4
v1.4.5
v1.4.6
v1.4.7
v1.4.8
v1.4.9
v1.5.0
v1.5.1
v1.5.10
v1.5.11
v1.5.12
v1.5.13
v1.5.14
v1.5.16
v1.5.18
v1.5.2
v1.5.20
v1.5.22
v1.5.24
v1.5.25
v1.5.26
v1.5.28
v1.5.3
v1.5.30
v1.5.32
v1.5.4
v1.5.6
v1.5.7
v1.5.8
v1.6.0
v1.6.1
v1.6.10
v1.6.11
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.8
v1.6.9