CVE-2024-52271

PDF Document Spoofing in Documenso

Description

User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects Documenso: through 1.8.0, >1.8.0 and Documenso SaaS (Hosted) as of 2024-12-05.

Remediation

Workaround:

* If other party initiated e-signing - Download the PDF file for a security professionals/educated persons inspection * If possible - Download the PDF file and perform full flattening (of the entire document, not just form fields)

References

Link	Tags
https://www.vulsec.org/advisories	vdb entry
https://github.com/documenso/documenso	product
https://www.documenso.com/	product
https://github.com/documenso/documenso/issues/1512	issue tracking

Frequently Asked Questions

What is the severity of CVE-2024-52271?: CVE-2024-52271 has been scored as a high severity vulnerability.
How to fix CVE-2024-52271?: As a workaround for remediating CVE-2024-52271: * If other party initiated e-signing - Download the PDF file for a security professionals/educated persons inspection * If possible - Download the PDF file and perform full flattening (of the entire document, not just form fields)
Is CVE-2024-52271 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-52271 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-52271?: CVE-2024-52271 affects Documenso Documenso, Documenso Documenso SaaS (Hosted).

Description

Remediation

Category

CWE-451 – User Interface (UI) Misrepresentation of Critical Information

References

Frequently Asked Questions