Impact
Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to temporarily replace a room's entry in the room list with an unrelated attacker-supplied room. While the effect is temporary, it may still confuse users into acting on incorrect assumptions.
Patches
The issue has been patched and users should upgrade to 1.11.112.
Workarounds
A reload/refresh will fix the incorrect room list state, removing the attacker's room and restoring the original room.