rpm package
opensuse/element-web&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/element-web&distro=openSUSE%20Tumbleweed
Vulnerabilities (14)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-59161 | Low | — | | < 1.11.112-1.1 | 1.11.112-1.1 | Sep 16, 2025 | Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with |
| CVE-2024-47771 | High | — | | < 1.11.81-1.1 | 1.11.81-1.1 | Oct 15, 2024 | Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified in |
| CVE-2024-42369 | | — | | < 1.11.75-1.1 | 1.11.75-1.1 | Aug 20, 2024 | matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the c |
| CVE-2024-42347 | | — | | < 1.11.73-1.1 | 1.11.73-1.1 | Aug 6, 2024 | matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. A malicious homeserver could manipulate a user's account data to cause the client to enable URL previews in end-to-end encrypted rooms, in which case any URLs in encrypted messages wou |
| CVE-2023-37259 | | — | | < 1.11.36-1.1 | 1.11.36-1.1 | Jul 18, 2023 | matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting (XSS). Since the Expo |
| CVE-2023-30609 | | — | | < 1.11.30-1.1 | 1.11.30-1.1 | Apr 25, 2023 | matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a spe |
| CVE-2023-2251 | | — | | < 1.11.30-2.1 | 1.11.30-2.1 | Apr 24, 2023 | Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5. |
| CVE-2023-28427 | | — | | < 1.11.26-1.1 | 1.11.26-1.1 | Mar 28, 2023 | matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to |
| CVE-2022-36059 | | — | | < 1.11.4-1.1 | 1.11.4-1.1 | Mar 28, 2023 | matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to |
| CVE-2022-39250 | | — | | < 1.11.8-1.1 | 1.11.8-1.1 | Sep 29, 2022 | Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identit |
| CVE-2022-39251 | | — | | < 1.11.8-1.1 | 1.11.8-1.1 | Sep 28, 2022 | Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Addit |
| CVE-2022-39249 | | — | | < 1.11.8-1.1 | 1.11.8-1.1 | Sep 28, 2022 | Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, |
| CVE-2022-39236 | | — | | < 1.11.8-1.1 | 1.11.8-1.1 | Sep 28, 2022 | Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note th |
| CVE-2022-23597 | | — | | < 1.9.9-1.1 | 1.9.9-1.1 | Feb 1, 2022 | Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another but |