Content Spoofing Vulnerability in Dropbox Sign Affects User Interface Integrity
CVE-2024-52270
Key Information:
- Vendor: Dropbox (hellosign)
- Status
- Vendor
- CVE Published: 5 December 2024
What is CVE-2024-52270?
CVE-2024-52270 is a critical vulnerability in Dropbox Sign (formerly HelloSign) that enables content spoofing due to a user interface misrepresentation of critical information. This flaw exists because the displayed version does not accurately show the flattened version of documents. When a user downloads or prints a document through browsers like Google Chrome, the output may reveal sensitive, unfiltered content that was supposed to be obscured. As such, this vulnerability poses a significant threat to user trust and data integrity, allowing potential adversaries to exploit the misrepresentation for malicious purposes. The issue affects all versions of Dropbox Sign until December 4, 2024.
Affected Version(s)
DropBox Sign 0 <= 2024-12-04
