45 matches found
CVE-2024-47771 Element Desktop vulnerable to potential exposure of access token via authenticated media
Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involvi...
CVE-2024-47771
CVE-2024-47771 affects Element Desktop. Versions 1.11.70–1.11.80 expose access tokens under crafted conditions, with at least one vector identified (malicious widgets); other vectors may exist. Red Hat/SUSE/OpenSUSE advisories confirm the issue and recommend upgrading to Element Desktop/Web 1.11....
CVE-2024-47771 Element Desktop vulnerable to potential exposure of access token via authenticated media
Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involvi...
CVE-2024-47771 Element Desktop vulnerable to potential exposure of access token via authenticated media
Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involvi...
PT-2024-32808 · Element · Element Desktop
Name of the Vulnerable Software and Affected Versions: Element Desktop versions 1.11.70 through 1.11.80 Description: The issue concerns a vulnerability in Element Desktop, a Matrix client for desktop platforms, which can lead to the exposure of access tokens to third parties under specially craft...
OPENSUSE-SU-2024:14288-1 element-desktop-1.11.75-1.1 on GA media
These are all security issues fixed in the element-desktop-1.11.75-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12895-1 element-desktop-1.11.30-1.1 on GA media
These are all security issues fixed in the element-desktop-1.11.30-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13054-1 element-desktop-1.11.36-1.1 on GA media
These are all security issues fixed in the element-desktop-1.11.36-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13395-1 element-desktop-1.11.47-1.1 on GA media
These are all security issues fixed in the element-desktop-1.11.47-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13265-1 element-desktop-1.11.43-1.1 on GA media
These are all security issues fixed in the element-desktop-1.11.43-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12374-1 element-desktop-1.11.8-1.1 on GA media
These are all security issues fixed in the element-desktop-1.11.8-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11789-1 element-desktop-1.9.9-1.1 on GA media
These are all security issues fixed in the element-desktop-1.9.9-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12294-1 element-desktop-1.11.4-1.1 on GA media
These are all security issues fixed in the element-desktop-1.11.4-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2022-23597
Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another button click. To the...
The vulnerability of the data transmission software via the Matrix protocol in Element Desktop lies in the possibility of exploiting memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of the data transmission software via the Matrix protocol in Element Desktop is related to the possibility of using memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created link...
CVE-2022-23597
Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another button click. To the...
Design/Logic Flaw
Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another button click. To the...
CVE-2022-23597 Remote program execution with user interaction
Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another button click. To the...
CVE-2022-23597
Element Desktop before 1.9.7 is vulnerable to a remote code execution bug via user interaction that requires a malicious link click followed by another button click. The attacker can specify a binary path on the victim’s machine for execution (arguments cannot be set), and in some configurations ...
CVE-2022-23597 Remote program execution with user interaction
Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another button click. To the...