Home > Vulnerability Database > CVE-2024-47779

Mend.io Vulnerability Database

CVE-2024-47779

Good to know:

Date: October 15, 2024

Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Note that despite superficial similarity to CVE-2024-47771, this is an entirely separate vulnerability, caused by a separate piece of code included only in Element Web. Element Web and Element Desktop share most but not all, of their code and this vulnerability exists in the part of the code base which is not shared between the projects. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets.

Language: TYPE_SCRIPT

Severity Score

8.6

Related Resources (4)

Url: https://github.com/element-hq/element-web/commit/8d7f2b5c1301129a488d3597f3839bd74203ee62

Url: https://github.com/element-hq/element-web/security/advisories/GHSA-3jm3-x98c-r34x

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-47779

Url: https://www.mend.io/vulnerability-database/CVE-2024-47779

Severity Score

8.6

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version v1.11.81

Learn More

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-47779

Good to know:

Date: October 15, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?