Lucene search

ZoomCVELIST:CVE-2023-34117

HistoryJul 11, 2023 - 4:59 p.m.

CVE-2023-34117

2023-07-1116:59:20

Zoom

www.cve.org

zoom client sdk

path traversal

unauthorized user

information disclosure

local access

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON

Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Zoom Client SDK",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "before 5.15.0"
      }
    ]
  }
]

References

explore.zoom.us/en/trust/security/security-bulletin/

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.2%

JSON

Related for CVELIST:CVE-2023-34117