A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 leads to a situation where identity verification is inadequate and thus a key-requesting device can be impersonated.
{ "nvd_published_at": "2021-09-13T19:15:00Z", "cwe_ids": [ "CWE-327" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-08-09T13:17:07Z" }