← back
CVE-2024-52269

AI Assistant PDF Document Spoofing in DocuSign

CVSS 8.2 HIGHEPSS 0.3%CWE-451
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.2EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
04 Dec 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user. For reference see: CVE-2024-52276 This issue affects DocuSign: through 2024-12-04.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/U:Red
Affected products
DocuSign · DocuSign

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.loom.com/share/65ce5423d2a04e0bbd2688a178d5427fhttps://www.vulsec.org/advisories