Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Element Android Intent Redirection
Vulnerability Description
Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
通信信道对预期端点的不适当限制
Vulnerability Title
Element Android 安全漏洞
Vulnerability Description
Element Android是Element提供的 Android Matrix 客户端。 Element Android 1.4.3至1.6.10版本存在安全漏洞,该漏洞源于存在Intent重定向漏洞,导致第三方恶意应用程序可以通过传递一些额外参数来启动内部活动。
CVSS Information
N/A
Vulnerability Type
N/A