CVE-2022-22785

Improperly constrained session cookies in Zoom Client for Meetings

CVSS 5.9 MEDIUMEPSS 3.5%

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting users Zoom-scoped session cookies to a non-Zoom domain. This could potentially allow for spoofing of a Zoom user.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L

Produtos afetados

Zoom Video Communications Inc · Zoom Client for Meetings for Android Zoom Video Communications Inc · Zoom Client for Meetings for iOS Zoom Video Communications Inc · Zoom Client for Meetings for Linux Zoom Video Communications Inc · Zoom Client for Meetings for MacOS Zoom Video Communications Inc · Zoom Client for Meetings for Windows

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://explore.zoom.us/en/trust/security/security-bulletin