User Interface (UI) Misrepresentation of Critical Information

CVE-2024-52269

High

8.2/10

Summary

User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user. For reference see: CVE-2024-52276 This issue affects DocuSign: through 2024-12-04.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-451 - User Interface (UI) Misrepresentation of Critical Information

The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

References

Advisory Timeline

Published Dec 04, 2024

User Interface (UI) Misrepresentation of Critical Information

CVE-2024-52269

Summary

CWE-451 - User Interface (UI) Misrepresentation of Critical Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS