Information disclosure in Element-hq Element-web
CVE-2024-47779
Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties…
Vulnerability class: Information Disclosure
EPSS: 0.004 (33.4th percentile) — read the EPSS interpretation.
Affected products
- Element-hq Element-web — versions >= 1.11.70, < 1.11.81
Weakness classification (CWE)
Public proof-of-concept exploits
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
Frequently asked questions
- What is CVE-2024-47779?
- CVE-2024-47779 is a vulnerability in Element-hq Element-web, classified under Information Disclosure. Published 2024-10-15.
- Is CVE-2024-47779 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.