element-desktop-1.11.81-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14406-1 Final 1 1 2024-10-17T00:00:00Z current 2024-10-17T00:00:00Z 2024-10-17T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z element-desktop-1.11.81-1.1 on GA media These are all security issues fixed in the element-desktop-1.11.81-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14406 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KQNDUBJFHLJVEPUM4DHLDV6T3EUECFA7/ E-Mail link for openSUSE-SU-2024:14406-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-47771/ SUSE CVE CVE-2024-47771 page openSUSE Tumbleweed element-desktop-1.11.81-1.1 element-desktop-1.11.81-1.1 as a component of openSUSE Tumbleweed Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets. CVE-2024-47771 openSUSE Tumbleweed:element-desktop-1.11.81-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KQNDUBJFHLJVEPUM4DHLDV6T3EUECFA7/ https://www.suse.com/security/cve/CVE-2024-47771.html CVE-2024-47771 https://bugzilla.suse.com/1231666 SUSE Bug 1231666 https://bugzilla.suse.com/1231695 SUSE Bug 1231695