PT-2022-4289 · Element · Element Desktop
Msrkp +1 · Published 2022-02-01 · Updated 2024-06-15 · CVE-2022-23597
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Element Desktop versions prior to 1.9.7
Description
The issue is a remote program execution bug that requires user interaction: the victim must click a malicious link and then click another button. To the best of available knowledge, this issue has not been exploited in the wild. If successfully exploited, it allows an attacker to specify the file path of a binary on the victim's computer for execution, although the attacker cannot specify program arguments. In certain configurations, the attacker may be able to specify a URI instead of a file path, potentially leading to further vulnerabilities in platform mechanisms and arbitrary code execution.
Recommendations
For Element Desktop versions prior to 1.9.7, upgrade to version 1.9.7 or later at your earliest convenience to resolve the issue. As a temporary workaround, avoid clicking on suspicious links and buttons to minimize the risk of exploitation. Restrict access to potentially vulnerable configurations to reduce the risk of further vulnerabilities being exploited.
Exploit
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Element Desktop