CVE-2024-52270

Dec. 5, 2024, 1:15 p.m.

None
No Score

Description

User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DropBox Sign(HelloSign): through 2024-12-04.

Product(s) Impacted

Product Versions
DropBox Sign(HelloSign)
  • ['through 2024-12-04']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-451
User Interface (UI) Misrepresentation of Critical Information
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

References

https://app.hellosign.com/
https://drive.proton.me/urls/Z6DHXNRZQC#jkfO38rjOiOj
https://new.space/s/ZuHoujvkjdzfY7Uihah7Yg#SKWLU_g2Cihfj4qsq9XNy6F4saxVAzD876PujiDOYfs
https://sign.dropbox.com/
https://www.loom.com/share/48f63594e14c49e19840ad9cb7d60453?sid=816c6afa-0b67-4b0b-98ff-d5c58d464038
https://www.vulsec.org/advisories

Tags

CWE-451
2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe
2024-12-05
CVE-2024-52270

Timeline

Published: Dec. 5, 2024, 11:15 a.m.
Last Modified: Dec. 5, 2024, 1:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.