Vulnerability Description
Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets.
References
- https://github.com/element-hq/element-desktop/commit/6c78684e84ba7f460aedba6f017
- https://github.com/element-hq/element-desktop/security/advisories/GHSA-963w-49j9
- https://github.com/element-hq/element-web/commit/63c8550791a0221189f495d6458fee7
FAQ
What is CVE-2024-47771?
CVE-2024-47771 is a documented vulnerability. Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access tok...
How severe is CVE-2024-47771?
CVSS scoring is not yet available for CVE-2024-47771. Check NVD for updates.
Is there a patch for CVE-2024-47771?
Users are advised to upgrade to Element Desktop 1.11.81, which remediates the issue. As a workaround, avoid granting permissions to untrusted widgets. See the references section above for the vendor advisory and patch commits.