Information Disclosure Vulnerability in Zoom for Windows and MacOS
CVE-2023-34114

6.5MEDIUM

Key Information:

Vendor: Zoom Video Communications, Inc.
Status: Zoom for Windows Client; Zoom for MacOS Client
Vendor: CVE Published:; 13 June 2023

Summary

An information disclosure vulnerability exists in Zoom for Windows and MacOS prior to version 5.14.10. This issue arises from the improper exposure of resources, which can allow authenticated users to access sensitive information via network connections, potentially compromising user data. Organizations using affected versions should prioritize updating their software to safeguard against unauthorized information access.

Affected Version(s)

Zoom for MacOS Client before 5.14.10

Zoom for Windows Client before 5.14.10

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 13, 2023
Vulnerability Reserved
May 25, 2023