CVE-2024-47771 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2024-47771 Interim 1 5 2025-02-16T00:42:11Z current 2024-10-15T23:10:28Z 2025-02-16T00:42:11Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2024-47771 Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KQNDUBJFHLJVEPUM4DHLDV6T3EUECFA7/ E-Mail link for openSUSE-SU-2024:14406-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/K6P26C4CYVFGY4V3OGMMHKWBXKSMNSQ6/ E-Mail link for openSUSE-SU-2024:14407-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed element-desktop-1.11.81-1.1 element-web-1.11.81-1.1 element-desktop-1.11.81-1.1 as a component of openSUSE Tumbleweed element-web-1.11.81-1.1 as a component of openSUSE Tumbleweed Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets. CVE-2024-47771 openSUSE Tumbleweed:element-desktop-1.11.81-1.1 openSUSE Tumbleweed:element-web-1.11.81-1.1 moderate