CVE-2024-52277

Severity CVSS v4.0:

HIGH

Type:

Unavailable / Other

Publication date:

04/12/2024

Last modified:

05/12/2024

Description

User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened.<br /> <br /> <br /> This issue affects DocuSeal: through 1.8.1, >1.8.1.

Impact

Vector 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/U:Red CVSS v4.0 Severity and Metrics:

Base Score: 8.20 HIGH
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/U:Red

Attack Vector (AV): Local
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): None
User Interaction (UI): Passsive
Confidentiality (VC): None
Integrity (VI): High
Availability (VA): None
Confidentiality (SC): None
Integrity (SI): High
Availability (SA): None
Provider Urgency (U): Red

Base Score 4.0

8.20

Severity 4.0

HIGH

CVE-2024-52277

Description

Impact

References to Advisories, Solutions, and Tools