CVE-2023-39218

CVSS 6.1 MEDIUM | EPSS 0.9% | CWE-602

In short

Zoom clients before version 5.14.10 have a security setting that is enforced only on the client side, so a privileged user can bypass it over the network and access information they should not see.

Technical detail

CWE-602: Client-side enforcement of server-side security. In Zoom clients prior to 5.14.10, a privileged attacker can manipulate client-side security controls to bypass intended restrictions and cause unauthorized information disclosure via network access. Remediation requires upgrading to version 5.14.10 or later.

Summary generated and translated by AI from the official description.
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
