CVE-2024-51749

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in element-web 1.11.85.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/element-hq/element-web/commit/a00c343435d633e64de2c0548217aa611c7bbef5
https://github.com/element-hq/element-web/security/advisories/GHSA-5486-384g-mcx2

Configurations

No configuration.

History

No history.

Information

Published : 2024-11-12 17:15

Updated : 2024-11-13 17:01

NVD link : CVE-2024-51749

Mitre link : CVE-2024-51749

CVE.ORG link : CVE-2024-51749

JSON object : View

Products Affected

No product.

CWE

CWE-451

User Interface (UI) Misrepresentation of Critical Information

3.5 /10