Davidegirardi

**Name of the Vulnerable Software and Affected Versions** Element Web versions prior to 1.11.112 Element Desktop versions prior to 1.11.112 **Description** Element Web and Element Desktop are susceptible to a room list manipulation issue due to insufficient validation of room predecessor links. A remote attacker may attempt to temporarily replace a room's entry in the room list with a room controlled by the attacker, potentially misleading users. Reloading or refreshing the page will restore the correct room list. **Recommendations** Upgrade Element Web to version 1.11.112. Upgrade Element Desktop to version 1.11.112.

**Name of the Vulnerable Software and Affected Versions** Element X Android versions prior to 25.04.2 **Description** A crafted hyperlink on a webpage or a locally installed malicious app can force Element X to load a webpage with similar permissions to Element Call, automatically granting it temporary access to the `microphone` and `camera`. **Recommendations** For versions prior to 25.04.2, update to version 25.04.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Synapse versions prior to 1.127.1 **Description** The issue allows a malicious server to craft events that prevent Synapse from federating with other servers. The vulnerability has been exploited in the wild. **Recommendations** For versions prior to 1.127.1, upgrade to Synapse v1.127.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** matrix-js-sdk versions prior to 38.2.0 **Description** The Matrix JavaScript SDK has insufficient validation of room predecessor links in the `MatrixClient::getJoinedRooms` function, potentially allowing a remote attacker to replace a tombstoned room with an attacker-supplied room. **Recommendations** Upgrade to version 38.2.0. Avoid using the `MatrixClient::getJoinedRooms` function in favor of `getRooms()` and filter upgraded rooms separately.

**Name of the Vulnerable Software and Affected Versions** Element Web and Desktop versions prior to 1.11.85 **Description** A malicious homeserver can send invalid messages over federation, which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. **Recommendations** For Element Web and Desktop versions prior to 1.11.85, update to version 1.11.85 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Element Web and Desktop versions prior to 1.11.85 **Description** The issue concerns the handling of thumbnails for attachments, stickers, and images. Specifically, versions of Element Web and Desktop earlier than 1.11.85 do not check if these thumbnails are coherent. This oversight allows for the possibility of adding thumbnails to events that can trigger a file download once clicked. **Recommendations** For versions prior to 1.11.85, update to version 1.11.85 or later to resolve the issue. As a temporary workaround, consider restricting the handling of thumbnails for attachments, stickers, and images until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Element Desktop versions 1.11.70 through 1.11.80 **Description** The issue concerns a vulnerability in Element Desktop, a Matrix client for desktop platforms, which can lead to the exposure of access tokens to third parties under specially crafted conditions. At least one vector has been identified, involving malicious widgets, but other vectors may exist. **Recommendations** For Element Desktop versions 1.11.70 through 1.11.80, upgrade to version 1.11.81 to remediate the issue. As a temporary workaround, avoid granting permissions to untrusted widgets.

**Name of the Vulnerable Software and Affected Versions** Element Web versions 1.11.70 through 1.11.80 **Description** The issue is related to the exposure of access tokens to third parties under specially crafted conditions. At least one vector has been identified, involving malicious widgets, but other vectors may exist. Users are advised to upgrade to a newer version to remediate the issue. **Recommendations** For Element Web versions 1.11.70 through 1.11.80, upgrade to version 1.11.81 to resolve the issue. As a temporary workaround, avoid granting permissions to untrusted widgets.