CVE-2022-22785

Improperly constrained session cookies in Zoom Client for Meetings

CVSS 5.9 MEDIUMEPSS 3.5%

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting users Zoom-scoped session cookies to a non-Zoom domain. This could potentially allow for spoofing of a Zoom user.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L

Productos afectados

Zoom Video Communications Inc · Zoom Client for Meetings for Android Zoom Video Communications Inc · Zoom Client for Meetings for iOS Zoom Video Communications Inc · Zoom Client for Meetings for Linux Zoom Video Communications Inc · Zoom Client for Meetings for MacOS Zoom Video Communications Inc · Zoom Client for Meetings for Windows

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://explore.zoom.us/en/trust/security/security-bulletin