Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the `files` directory in the application's private data directory to an arbitrary room. The impact of the attack is reduced by the fact that the databases stored in this folder are encrypted. However, it contains some other potentially sensitive information, such as the FCM token. Forks of Element Android which have set `android:exported="false"` in the `AndroidManifest.xml` file for the `IncomingShareActivity` activity are not impacted. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.
oryginał ENCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NElement
APPElement0.91.0 – 1.6.12 (bez)
Powiązane podatności
Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to int...
Element Android is an Android Matrix Client provided by Element. Element Android up to version 1.6.32 can, und...
Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, eve...
Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before ...
Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious ho...