Lucene search
PRIOn knowledge basePRION:CVE-2024-26131HistoryFeb 29, 2024 - 1:44 a.m.
Design/Logic Flaw
2024-02-2901:44:00
PRIOn knowledge base
www.prio-n.com
24
element android
intent redirection
vulnerability
account takeover
arbitrary web page
security issue
mitigation
Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.
Related
osv
osv
CVE-2024-26131
2024-02-29 01:44:17
nvd
nvd
CVE-2024-26131
2024-02-29 01:44:17
cve
cve
CVE-2024-26131
2024-02-29 01:44:17
cvelist
cvelist
CVE-2024-26131 Element Android Intent Redirection
2024-02-20 18:17:01