Local information exposure in Zoom Clients

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

信息暴露

Zoom Client 信息泄露漏洞

Zoom Client是美国Zoom公司的一款支持多种平台的视频会议客户端应用程序。 Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) 5.12.6之前版本存在信息泄露漏洞，该漏洞源于会议结束后未能从本地 SQL 数据库中清除数据以及使用不充分安全的每设备密钥加密该数据库导致本地恶意用户能够获取会议信息。

N/A

N/A