CVE-2024-52277 (GCVE-0-2024-52277)

Vulnerability from cvelistv5 – Published: 2024-12-04 10:16 – Updated: 2024-12-05 16:50 X_Known Exploited Vulnerability X_Open Source
VLAI?
Title
PDF Document Spoofing in DocuSeal
Summary
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DocuSeal: through 1.8.1, >1.8.1.
Severity ?
8.2 (High)
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/U:Red
CWE
  • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Assigner
References
Impacted products
Vendor Product Version
DocuSeal DocuSeal Affected: 0 , ≤ 1.8.1 (git)
Affected: >1.8.1 (git)
Create a notification for this product.
Credits
Erez Kalman
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:docuseal:docuseal:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "docuseal",
            "vendor": "docuseal",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52277",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-05T14:49:30.942302Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T14:58:42.969Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "DocuSeal",
          "repo": "https://github.com/docusealco/docuseal",
          "vendor": "DocuSeal",
          "versions": [
            {
              "lessThanOrEqual": "1.8.1",
              "status": "affected",
              "version": "0",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "\u003e1.8.1",
              "versionType": "git"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Erez Kalman"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDisplayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -\u0026gt; Examine the print preview): Will render the vulnerability only, not all layers are flattened.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects DocuSeal: through 1.8.1, \u0026gt;1.8.1.\u003c/p\u003e"
            }
          ],
          "value": "User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -\u003e Examine the print preview): Will render the vulnerability only, not all layers are flattened.\n\n\nThis issue affects DocuSeal: through 1.8.1, \u003e1.8.1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Known, potentially in use (e.g., spear phishing)"
            }
          ],
          "value": "Known, potentially in use (e.g., spear phishing)"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-148",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-148 Content Spoofing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-451",
              "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-05T16:50:47.391Z",
        "orgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
        "shortName": "VULSec"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://www.vulsec.org/advisories"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/docusealco/docuseal"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://docuseal.com/"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://docuseal.eu/"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "tags": [
        "x_known-exploited-vulnerability",
        "x_open-source"
      ],
      "title": "PDF Document Spoofing in DocuSeal",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cul\u003e\u003cli\u003eIf other party initiated e-signing - Download the PDF file for a security professionals/educated persons inspection\u003c/li\u003e\u003cli\u003eIf possible -\u0026nbsp;Download the PDF file and perform full flattening (of the entire document, not just form fields)\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
            }
          ],
          "value": "*  If other party initiated e-signing - Download the PDF file for a security professionals/educated persons inspection\n  *  If possible -\u00a0Download the PDF file and perform full flattening (of the entire document, not just form fields)"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
    "assignerShortName": "VULSec",
    "cveId": "CVE-2024-52277",
    "datePublished": "2024-12-04T10:16:26.509Z",
    "dateReserved": "2024-11-06T08:35:09.853Z",
    "dateUpdated": "2024-12-05T16:50:47.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-52277\",\"sourceIdentifier\":\"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe\",\"published\":\"2024-12-04T11:30:51.107\",\"lastModified\":\"2024-12-05T14:15:21.547\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -\u003e Examine the print preview): Will render the vulnerability only, not all layers are flattened.\\n\\n\\nThis issue affects DocuSeal: through 1.8.1, \u003e1.8.1.\"},{\"lang\":\"es\",\"value\":\"** LANZAMIENTO LIMITADO INICIAL ** La vulnerabilidad de tergiversaci\u00f3n de informaci\u00f3n cr\u00edtica en la interfaz de usuario (IU) en [WITHHELD] permite la suplantaci\u00f3n de contenido. Este problema afecta a [WITHHELD]: hasta [WITHHELD].\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"RED\"}}]},\"weaknesses\":[{\"source\":\"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-451\"}]}],\"references\":[{\"url\":\"https://docuseal.com/\",\"source\":\"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe\"},{\"url\":\"https://docuseal.eu/\",\"source\":\"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe\"},{\"url\":\"https://github.com/docusealco/docuseal\",\"source\":\"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe\"},{\"url\":\"https://www.vulsec.org/advisories\",\"source\":\"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-52277\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-05T14:49:30.942302Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:docuseal:docuseal:-:*:*:*:*:*:*:*\"], \"vendor\": \"docuseal\", \"product\": \"docuseal\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-04T19:07:01.033Z\"}}], \"cna\": {\"tags\": [\"x_known-exploited-vulnerability\", \"x_open-source\"], \"title\": \"PDF Document Spoofing in DocuSeal\", \"source\": {\"discovery\": \"USER\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Erez Kalman\"}], \"impacts\": [{\"capecId\": \"CAPEC-148\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-148 Content Spoofing\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.2, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/U:Red\", \"providerUrgency\": \"RED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/docusealco/docuseal\", \"vendor\": \"DocuSeal\", \"product\": \"DocuSeal\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"git\", \"lessThanOrEqual\": \"1.8.1\"}, {\"status\": \"affected\", \"version\": \"\u003e1.8.1\", \"versionType\": \"git\"}], \"defaultStatus\": \"affected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Known, potentially in use (e.g., spear phishing)\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Known, potentially in use (e.g., spear phishing)\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.vulsec.org/advisories\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://github.com/docusealco/docuseal\", \"tags\": [\"product\"]}, {\"url\": \"https://docuseal.com/\", \"tags\": [\"product\"]}, {\"url\": \"https://docuseal.eu/\", \"tags\": [\"product\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"*  If other party initiated e-signing - Download the PDF file for a security professionals/educated persons inspection\\n  *  If possible -\\u00a0Download the PDF file and perform full flattening (of the entire document, not just form fields)\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cul\u003e\u003cli\u003eIf other party initiated e-signing - Download the PDF file for a security professionals/educated persons inspection\u003c/li\u003e\u003cli\u003eIf possible -\u0026nbsp;Download the PDF file and perform full flattening (of the entire document, not just form fields)\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -\u003e Examine the print preview): Will render the vulnerability only, not all layers are flattened.\\n\\n\\nThis issue affects DocuSeal: through 1.8.1, \u003e1.8.1.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.\u003cp\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eDisplayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -\u0026gt; Examine the print preview): Will render the vulnerability only, not all layers are flattened.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects DocuSeal: through 1.8.1, \u0026gt;1.8.1.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-451\", \"description\": \"CWE-451 User Interface (UI) Misrepresentation of Critical Information\"}]}], \"providerMetadata\": {\"orgId\": \"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe\", \"shortName\": \"VULSec\", \"dateUpdated\": \"2024-12-05T16:50:47.391Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-52277\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-05T16:50:47.391Z\", \"dateReserved\": \"2024-11-06T08:35:09.853Z\", \"assignerOrgId\": \"2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe\", \"datePublished\": \"2024-12-04T10:16:26.509Z\", \"assignerShortName\": \"VULSec\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.