1. Home
  2. CVE Database
  3. CVE-2024-51749
LOW · 3.5

CVE-2024-51749

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. ...

Vulnerability Description

Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a file download once clicked. Fixed in element-web 1.11.85.

CVSS Score

3.5

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE

Related Weaknesses (CWE)

CWE-451

References

FAQ

What is CVE-2024-51749?

CVE-2024-51749 is a vulnerability with a CVSS score of 3.5 (LOW). Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. ...

How severe is CVE-2024-51749?

CVE-2024-51749 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-51749?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.