FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

element-web -- Potential exposure of access token via authenticated media

Affected packages
1.11.70 <= element-web < 1.11.81

Details

VuXML ID 851ce3e4-8b03-11ef-84e9-901b0e9408dc
Discovery 2024-10-15
Entry 2024-10-15

Element team reports:

Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue.

[source]

References

CVE Name CVE-2024-47779
URL https://github.com/element-hq/element-web/security/advisories/GHSA-3jm3-x98c-r34x

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.