Lucene search

[email protected]CVE-2023-34117

HistoryJul 11, 2023 - 5:15 p.m.

CVE-2023-34117

2023-07-1117:15:13

CWE-22

[email protected]

web.nvd.nist.gov

zoom

client sdk

cve-2023-34117

information security

vulnerability

path traversal

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.8 Low

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.0%

JSON

Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access.

Affected configurations

NVD

Node

zoomzoom_software_development_kitRange<5.15.0

CPENameOperatorVersion
zoom:zoom_software_development_kitzoom zoom software development kitlt5.15.0

CPE	Name	Operator	Version
zoom:zoom_software_development_kit	zoom zoom software development kit	lt	5.15.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Zoom Client SDK",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "before 5.15.0"
      }
    ]
  }
]

References

explore.zoom.us/en/trust/security/security-bulletin/

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.8 Low

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.0%

JSON

Related for CVE-2023-34117

cvelist1 prion1 nvd1