CVE-2021-40824
PUBLISHED
CVSS 4.3 MEDIUM
A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-android-sdk2 (aka Matrix SDK for Android) before 1.2.2 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the attacker to decrypt end-to-end encrypted messages sent by affected clients.
EPSS 0.15% · 35.0th percentile
Risk Scores
- CVSS v2.0: 4.3
- EPSS Score: 0.15% (35.0th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| matrix | matrix-android-sdk2 | 0 |
| n/a | n/a | n/a |
| matrix | element | 0 |
| Maven | org.matrix.android:matrix-android-sdk2 | 0 |
Timeline
- Sep 13, 2021 CVE Published
- Sep 14, 2021 EPSS Score
- Sep 24, 2021 CVE Updated
- Nov 10, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 7, 2022 EPSS Score
- Mar 5, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jun 28, 2022 EPSS Score
- Aug 26, 2022 EPSS Score
- Oct 22, 2022 EPSS Score