CVE-2021-40824

Description

A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 leads to a situation where identity verification is inadequate and thus a key-requesting device can be impersonated.

Affected packages (1)

• Maven/org.matrix.android:matrix-android-sdk2from 0, < 1.2.2

CVSS scores

References (3)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-40824
• WEBhttps://github.com/matrix-org/matrix-android-sdk2/releases/tag/v1.2.2
• WEBhttps://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing