PT-2024-32808 · Element · Element Desktop
Davidegirardi · Published 2024-10-15 · Updated 2024-11-12
CVE-2024-47771
CVSS v4.0: 7.0 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Element Desktop versions 1.11.70 through 1.11.80
Description
Element Desktop, a Matrix client for desktop platforms, contains a vulnerability that can expose access tokens to third parties under specially crafted conditions. At least one vector, involving malicious widgets, has been identified; other vectors may exist.
Recommendations
For Element Desktop versions 1.11.70 through 1.11.80, upgrade to version 1.11.81 to remediate the issue.
As a temporary workaround, avoid granting permissions to untrusted widgets.
Exploit
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Element Desktop