Vulnerability Description
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. 1. Displayed version does not show the layer flattened version, which is provided when the "Print" option is used. 2. Displayed version does not show the layer flattened version, which is provided when the combined download option is used. 3. Displayed version does not show the layer flattened version, which is also the provided version when downloading the result in the uncombined option. Once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DocuSign: through 2024-12-04.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://drive.proton.me/urls/QD7Z493XX4#Yn3eKAjuZA5m
- https://new.space/s/3SG3wQxTSg7lq-vLzUjy-Q#mmrg4t0wMThwTqs9nogVHdLAjMFlkgFnKHn_Q
- https://www.loom.com/share/65ce5423d2a04e0bbd2688a178d5427f
- https://www.vulsec.org/advisories
FAQ
What is CVE-2024-52276?
CVE-2024-52276 is a vulnerability with a CVSS score of 7.5 (HIGH). User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. 1. Displayed version does not show the layer flattened version, which is provided when ...
How severe is CVE-2024-52276?
CVE-2024-52276 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-52276?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.