CVE-2022-22785

Summary

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting users Zoom-scoped session cookies to a non-Zoom domain. This could potentially allow for spoofing of a Zoom user.

Affected Software

VendorProductVersion RangeStatus
Zoom Video Communications IncZoom Client for Meetings for Androidunspecified < 5.10.0affected
Zoom Video Communications IncZoom Client for Meetings for iOSunspecified < 5.10.0affected
Zoom Video Communications IncZoom Client for Meetings for Linuxunspecified < 5.10.0affected
Zoom Video Communications IncZoom Client for Meetings for MacOSunspecified < 5.10.0affected
Zoom Video Communications IncZoom Client for Meetings for Windowsunspecified < 5.10.0affected

Weaknesses

  • Exposure of Resource to Wrong Sphere

ADP Enrichment

CVE Program Container

Additional References

References