ZoomCVELIST:CVE-2022-28764CVE-2022-28764 Local information exposure in Zoom Clients
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.
CNA Affected
[
{
"vendor": "Zoom Video Communications Inc",
"product": "Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)",
"versions": [
{
"version": "unspecified",
"lessThan": "5.12.6",
"status": "affected",
"versionType": "custom"
}
]
},
{
"vendor": "Zoom Video Communications Inc",
"product": "Zoom VDI Windows Meeting Clients",
"versions": [
{
"version": "unspecified",
"lessThan": "5.12.6",
"status": "affected",
"versionType": "custom"
}
]
},
{
"vendor": "Zoom Video Communications Inc",
"product": "Zoom Rooms for Conference Room (for Android, iOS, Linux, macOS, and Windows)",
"versions": [
{
"version": "unspecified",
"lessThan": "5.12.6",
"status": "affected",
"versionType": "custom"
}
]
}
]Related
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%