PT-2024-35141 · Dropbox · Dropbox Sign
Erez Kalman · Published 2024-12-05 · Updated 2024-12-05
CVE-2024-52270
CVSS v4.0: 8.2 (High)
Vector: AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/AU:Y/U:Red
Name of the Vulnerable Software and Affected Versions
Dropbox Sign (HelloSign) versions through 2024-12-04
Description
The issue is a User Interface (UI) Misrepresentation of Critical Information vulnerability that allows Content Spoofing. The displayed version is not the layer-flattened version. When the document is printed, for example via Google Chrome (as seen by examining the print preview), it will render the vulnerability only, and not all layers are flattened.
Recommendations
For Dropbox Sign (HelloSign) versions through 2024-12-04:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
UI Misrepresentation of Critical Information
Weakness Enumeration
Related Identifiers
Affected Products
Dropbox Sign