Home > Vulnerability Database > CVE-2024-47771

Mend.io Vulnerability Database

CVE-2024-47771

Good to know:

Date: October 15, 2024

Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets.

Language: TYPE_SCRIPT

Severity Score

8.6

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-47771

Url: https://github.com/element-hq/element-desktop/commit/6c78684e84ba7f460aedba6f017760e2323fdf4b

Url: https://github.com/element-hq/element-web/commit/63c8550791a0221189f495d6458fee7db601c789

Url: https://github.com/element-hq/element-desktop/security/advisories/GHSA-963w-49j9-gxj6

Url: https://www.mend.io/vulnerability-database/CVE-2024-47771

Severity Score

8.6

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version v1.11.81

Learn More

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-47771

Good to know:

Date: October 15, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?