CVE-2024-26132

Element Android can be asked to share internal files.

Severity Score

4.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the `files` directory in the application's private data directory to an arbitrary room. The impact of the attack is reduced by the fact that the databases stored in this folder are encrypted. However, it contains some other potentially sensitive information, such as the FCM token. Forks of Element Android which have set `android:exported="false"` in the `AndroidManifest.xml` file for the `IncomingShareActivity` activity are not impacted. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.

Element Android es un cliente Matrix de Android. Una aplicación maliciosa de terceros instalada en el mismo teléfono puede obligar a Element Android, versión 0.91.0 a 1.6.12, a compartir archivos almacenados en el directorio "archivos" en el directorio de datos privados de la aplicación en una sala arbitraria. El impacto del ataque se reduce por el hecho de que las bases de datos almacenadas en esta carpeta están cifradas. Sin embargo, contiene otra información potencialmente confidencial, como el token FCM. Las bifurcaciones de Element Android que han configurado `android:exported="false"` en el archivo `AndroidManifest.xml` para la actividad `IncomingShareActivity` no se ven afectadas. Este problema se solucionó en Element Android 1.6.12. No se conoce ningún workaround para mitigar el problema.

*Credits: N/A

CVSS Scores

GitHubv3.1 4.0

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-14 CVE Reserved
2024-02-20 CVE Published
2024-02-21 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (3)

URL	Tag	Source
https://element.io/blog/security-release-element-android-1-6-12	X_refsource_misc
https://github.com/element-hq/element-android/commit/8f9695a9a8d944cb9b92568cbd76578c51d32e07	X_refsource_misc
https://github.com/element-hq/element-android/security/advisories/GHSA-8wj9-cx7h-pvm4	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Element-hq Search vendor "Element-hq"		Element-android Search vendor "Element-hq" for product "Element-android"				>= 0.91.0 < 1.6.12 Search vendor "Element-hq" for product "Element-android" and version " >= 0.91.0 < 1.6.12"		en		Affected