QwikSec

Security Database

CVE

CWE

Training

CVE-2024-47771

Published: Oct 15, 2024

Modified: Oct 15, 2024

PUBLISHED

Description

Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets.

Vendor	Product	Versions
element-hq	element-desktop	affected `>= 1.11.70, < 1.11.81`

Weaknesses (CWE)

References

https://github.com/element-hq/element-desktop/security/advisories/GHSA-963w-49j9-gxj6

x_refsource_CONFIRM

https://github.com/element-hq/element-desktop/commit/6c78684e84ba7f460aedba6f017760e2323fdf4b

x_refsource_MISC

https://github.com/element-hq/element-web/commit/63c8550791a0221189f495d6458fee7db601c789

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.