Unrated severityNVD Advisory· Published Feb 20, 2024· Updated Aug 1, 2024
Element Android Intent Redirection
CVE-2024-26131
Description
Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21.4.3 - 1.6.10+ 1 more
- (no CPE)range: 1.4.3 - 1.6.10
- (no CPE)range: >= 1.4.3, < 1.6.12
Patches
Vulnerability mechanics
References
4- element.io/blog/security-release-element-android-1-6-12mitrex_refsource_MISC
- github.com/element-hq/element-android/commit/53734255ec270b0814946350787393dfcaa2a5a9mitrex_refsource_MISC
- github.com/element-hq/element-android/security/advisories/GHSA-j6pr-fpc8-q9vmmitrex_refsource_CONFIRM
- support.google.com/faqs/answer/9267555mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.