PT-2024-9243 · Documenso · Documenso
Erez Kalman +1 · Published 2024-12-05 · Updated 2024-12-06 · CVE-2024-52271
CVSS v4.0: 8.2 High
Vector: AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red
Name of the Vulnerable Software and Affected Versions:
Documenso versions through 1.8.0
Documenso SaaS (Hosted) as of 2024-12-05
Description:
The issue is a User Interface (UI) Misrepresentation of Critical Information in Documenso that allows Content Spoofing. The version displayed in the UI is not the layer-flattened version of the document. When printed, the document renders the vulnerability only, and not all layers are flattened. This can be exploited to conduct spoofing attacks.
Recommendations:
For Documenso versions through 1.8.0: Update to a version that addresses the UI Misrepresentation issue to prevent Content Spoofing.
For Documenso SaaS (Hosted) as of 2024-12-05: Contact the service provider for an update or patch that resolves the UI Misrepresentation vulnerability.
As a temporary workaround, consider avoiding the use of the affected UI functionality until a patch is available. Restrict access to sensitive documents to minimize the risk of exploitation.
Fix
UI Misrepresentation of Critical Information
Affected Products
Documenso