CVE-2024-52276

HIGH EXPLOITED

DocuSign < 2024-12-04 - Content Spoofing via Layer Flattening Misrepresentation

Title source: llm

Exploitation Summary

CVE-2024-52276 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. 1. Displayed version does not show the layer flattened version, which is provided when the "Print" option is used. 2. Displayed version does not show the layer flattened version, which is provided when the combined download option is used. 3. Displayed version does not show the layer flattened version, which is also the provided version when downloading the result in the uncombined option. Once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DocuSign: through 2024-12-04.

References (4)

Core 4

Core References

Various Sources vdb-entry

https://www.vulsec.org/advisories

Various Sources exploit

https://www.loom.com/share/65ce5423d2a04e0bbd2688a178d5427f

Various Sources exploit

https://new.space/s/3SG3wQxTSg7lq-vLzUjy-Q#mmrg4t0wMThwTqs9nogVHdLAjMFlkgFnKHn_Q8u9cCs

Various Sources exploit

https://drive.proton.me/urls/QD7Z493XX4#Yn3eKAjuZA5m

Scores

CVSS v3 7.5

EPSS 0.0035

EPSS Percentile 26.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

VulnCheck KEV 2024-12-05

CWE

CWE-451

Status published

Products (1)

DocuSign/DocuSign < 2024-12-04

Published Dec 04, 2024

Tracked Since Feb 18, 2026