Element Web and Desktop Room Predecessor Validation Vulnerability

Vulnerability

A vulnerability exists in Element Web and Element Desktop versions up to and including 1.11.111: room predecessor links are inadequately validated. This flaw allows remote attackers to temporarily replace a room's entry in the room list with an unrelated room of their choosing. Although the change is not permanent, it can mislead users into making incorrect assumptions.

Impact

Exploitation of this vulnerability can lead to confusion among users, causing them to act on false premises regarding room availability or status.

Reproduction

To reproduce this vulnerability, an attacker creates a room whose predecessor link points to an unrelated room. When that room is added to a user's room list, it temporarily hides the original room's entry, which can leave users with a mistaken picture of which room is current.

Remediation

Users are advised to upgrade to version 1.11.112. After updating, a simple reload or refresh restores the correct room list state: the attacker's room is removed and the original room reappears.
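The defensive check the reproduction and remediation sections imply, as an added example that is not Element's own code: a predecessor link is honoured (and the old room hidden from the room list) only when the claimed predecessor room carries an m.room.tombstone whose replacement_room points back at the new room. The event shapes, room IDs and the predecessorState map are constructed here for the example.

```javascript
// Added example, not code from Element Web/Desktop.
// Inputs are minimal Matrix-style state events constructed for this demo.

// Returns true only when the predecessor link is mutual: the claimed
// predecessor room has an m.room.tombstone naming this room as its replacement.
function isPredecessorLinkValid(roomId, createEvent, predecessorState) {
  const pred = createEvent?.content?.predecessor;
  if (!pred || typeof pred.room_id !== "string") return false;
  const tombstone = predecessorState.get(pred.room_id);
  if (!tombstone || tombstone.type !== "m.room.tombstone") return false;
  return tombstone.content?.replacement_room === roomId;
}

// Builds the visible room list: a predecessor room is hidden only when the
// link is validated, so a room claiming an unrelated predecessor changes nothing.
function buildRoomList(rooms, predecessorState) {
  const hidden = new Set();
  for (const room of rooms) {
    if (isPredecessorLinkValid(room.roomId, room.createEvent, predecessorState)) {
      hidden.add(room.createEvent.content.predecessor.room_id);
    }
  }
  return rooms.filter((r) => !hidden.has(r.roomId)).map((r) => r.roomId);
}

// Constructed sample state: only "!old" has genuinely been upgraded to "!new".
const predecessorState = new Map([
  ["!old:example.org", { type: "m.room.tombstone", content: { replacement_room: "!new:example.org" } }],
]);
const rooms = [
  { roomId: "!old:example.org", createEvent: { type: "m.room.create", content: {} } },
  { roomId: "!new:example.org", createEvent: { type: "m.room.create", content: { predecessor: { room_id: "!old:example.org" } } } },
  { roomId: "!victim:example.org", createEvent: { type: "m.room.create", content: {} } },
  // Claims "!victim" as predecessor, but "!victim" has no tombstone pointing here.
  { roomId: "!unrelated:example.org", createEvent: { type: "m.room.create", content: { predecessor: { room_id: "!victim:example.org" } } } },
];

console.log(buildRoomList(rooms, predecessorState));
// → ["!new:example.org", "!victim:example.org", "!unrelated:example.org"]
```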

Added: Sep 16, 2025, 5:22 PM
Updated: Sep 16, 2025, 5:22 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 0.6
exploitability: 5.4
remediation: 8.3
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.