CVE-2024-52276

Dec. 5, 2024, 11:15 a.m.

None
No Score

Description

User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. 1. Displayed version does not show the layer flattened version, which is provided when the "Print" option is used. 2. Displayed version does not show the layer flattened version, which is provided when the combined download option is used. 3. Displayed version does not show the layer flattened version, which is also the provided version when downloading the result in the uncombined option. Once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DocuSign: through 2024-12-04.

Product(s) Impacted

Product Versions
UNKNOWN
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-451
User Interface (UI) Misrepresentation of Critical Information
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

References

https://drive.proton.me/urls/QD7Z493XX4#Yn3eKAjuZA5m
https://new.space/s/3SG3wQxTSg7lq-vLzUjy-Q#mmrg4t0wMThwTqs9nogVHdLAjMFlkgFnKHn_Q8u9cCs
https://www.loom.com/share/65ce5423d2a04e0bbd2688a178d5427f
https://www.vulsec.org/advisories

Tags

CWE-451
2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe
2024-12-04
CVE-2024-52276

Timeline

Published: Dec. 4, 2024, 11:30 a.m.
Last Modified: Dec. 5, 2024, 11:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.