Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
In Element Web and Element Desktop, a malicious room can hide an unrelated room and cause it to be left when the malicious room is left
Vulnerability Description
Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with an unrelated attacker-supplied room. While the effect of this is temporary, it may still confuse users into acting on incorrect assumptions. The issue has been patched and users should upgrade to 1.11.112. A reload/refresh will fix the incorrect room list state, removing the attacker's room and restoring the original room.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Element Desktop 输入验证错误漏洞
Vulnerability Description
Element Desktop是Element开源的一个以 Element Web 为核心的桌面平台的 Matrix 客户端。 Element Desktop 1.11.112之前版本存在输入验证错误漏洞,该漏洞源于对房间前置链接验证不足,可能导致远程攻击者临时替换房间列表中的条目。
CVSS Information
N/A
Vulnerability Type
N/A