漏洞标题
元素iOS由于缺少对用无信任的Megolm会话解密的事件的修饰,而具有弱点。
漏洞描述信息
由于缺少对使用不受信任的Megolm会话解密的事件进行装饰,Element iOS存在漏洞。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
漏洞类别
N/A
漏洞标题
Element iOS is vulnerable due to missing decoration for events decrypted with untrusted Megolm sessions
漏洞描述信息
Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could inject messages into the room without the user being alerted that the messages were not sent by a verified group member, even if the user has previously verified all group members. This issue has been patched in Element iOS 1.9.7. There are currently no known workarounds.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
漏洞类别
对危险操作的UI警示不充分
漏洞标题
Matrix 安全漏洞
漏洞描述信息
Matrix是一个雄心勃勃的新生态系统,用于开放联合即时消息和 VoIP。 Matrix Element iOS 1.9.7之前的版本存在安全漏洞,该漏洞源于其使用无法建立信任的Megolm会话加密的事件不会相应地进行修饰(带有警告盾牌)。
CVSS信息
N/A
漏洞类别
其他