CVE-2024-51749
3.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Summary
Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in element-web 1.11.85.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| element-hq | element-web | < 1.11.85 | affected |
Weaknesses
- CWE-451: CWE-451: User Interface (UI) Misrepresentation of Critical Information
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/element-hq/element-web/security/advisories/GHSA-5486-384g-mcx2
- https://github.com/element-hq/element-web/commit/a00c343435d633e64de2c0548217aa611c7bbef5
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.