Webcam and Microphone Access Vulnerability in Zulip Desktop by Zulip
CVE-2020-10858

5.3MEDIUM

Key Information:

Vendor: Zulip
Status: Zulip Desktop
Vendor: CVE Published:; 5 February 2021

What is CVE-2020-10858?

The Zulip Desktop application prior to version 5.0.0 contains a security flaw that allows malicious actors to access the device's webcam and microphone without appropriate permission requests. This oversight can lead to unauthorized recording and invasion of user privacy. Users are advised to update their software to the latest version to prevent potential exploitation of this vulnerability. For more details, visit the official Zulip blog.

References

https://blog.zulip.com/2020/04/01/zulip-desktop-5-0-0-sec...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 5, 2021
Vulnerability Reserved
Mar 23, 2020