Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Element iOS is vulnerable due to missing decoration for events decrypted with untrusted Megolm sessions
Vulnerability Description
Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could inject messages into the room without the user being alerted that the messages were not sent by a verified group member, even if the user has previously verified all group members. This issue has been patched in Element iOS 1.9.7. There are currently no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
对危险操作的UI警示不充分
Vulnerability Title
Matrix 安全漏洞
Vulnerability Description
Matrix是一个雄心勃勃的新生态系统,用于开放联合即时消息和 VoIP。 Matrix Element iOS 1.9.7之前的版本存在安全漏洞,该漏洞源于其使用无法建立信任的Megolm会话加密的事件不会相应地进行修饰(带有警告盾牌)。
CVSS Information
N/A
Vulnerability Type
N/A