Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Element X Android vulnerable to loading malicious web pages via received intent
Vulnerability Description
Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to Element Call and automatically grant it temporary access to microphone and camera. This issue has been patched in version 25.04.2.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
CWE-926
Vulnerability Title
Element X Android 安全漏洞
Vulnerability Description
Element X Android是Element开源的一个使用 Matrix Rust Sdk 和 Jetpack Compose 的 Android Matrix 应用程序。 Element X Android 25.04.2之前版本存在安全漏洞,该漏洞源于特制超链接可能导致自动授予麦克风和摄像头临时访问权限。
CVSS Information
N/A
Vulnerability Type
N/A