Unrated severityNVD Advisory· Published May 18, 2022· Updated Sep 17, 2024

Improperly constrained session cookies in Zoom Client for Meetings

CVE-2022-22785

Description

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting users Zoom-scoped session cookies to a non-Zoom domain. This could potentially allow for spoofing of a Zoom user.

Affected products

Zoom Video Communications, Inc./Zoom Client For Meetings For Androidv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

explore.zoom.us/en/trust/security/security-bulletinmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000