Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2024-26132
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-29 Feb, 2024 | 01:44
Updated At-14 Feb, 2025 | 17:25

Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the `files` directory in the application's private data directory to an arbitrary room. The impact of the attack is reduced by the fact that the databases stored in this folder are encrypted. However, it contains some other potentially sensitive information, such as the FCM token. Forks of Element Android which have set `android:exported="false"` in the `AndroidManifest.xml` file for the `IncomingShareActivity` activity are not impacted. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary3.13.3LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 3.3
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CPE Matches
element
element
>>element>>Versions from 0.91.0(inclusive) to 1.6.12(exclusive)
cpe:2.3:a:element:element:*:*:*:*:*:android:*:*
Weaknesses
CWE IDTypeSource
CWE-200Secondarysecurity-advisories@github.com
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: CWE-200
Type: Secondary
Source: security-advisories@github.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://element.io/blog/security-release-element-android-1-6-12security-advisories@github.com
Release Notes
https://github.com/element-hq/element-android/commit/8f9695a9a8d944cb9b92568cbd76578c51d32e07security-advisories@github.com
Patch
https://github.com/element-hq/element-android/security/advisories/GHSA-8wj9-cx7h-pvm4security-advisories@github.com
Patch
Vendor Advisory
https://element.io/blog/security-release-element-android-1-6-12af854a3a-2127-422b-91ae-364da2661108
Patch
Release Notes
https://github.com/element-hq/element-android/commit/8f9695a9a8d944cb9b92568cbd76578c51d32e07af854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/element-hq/element-android/security/advisories/GHSA-8wj9-cx7h-pvm4af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://element.io/blog/security-release-element-android-1-6-12
Source: security-advisories@github.com
Resource:
Release Notes
Hyperlink: https://github.com/element-hq/element-android/commit/8f9695a9a8d944cb9b92568cbd76578c51d32e07
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/element-hq/element-android/security/advisories/GHSA-8wj9-cx7h-pvm4
Source: security-advisories@github.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://element.io/blog/security-release-element-android-1-6-12
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Release Notes
Hyperlink: https://github.com/element-hq/element-android/commit/8f9695a9a8d944cb9b92568cbd76578c51d32e07
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://github.com/element-hq/element-android/security/advisories/GHSA-8wj9-cx7h-pvm4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Change History
0Changes found
Details not found