CVE-2022-28764: Infoleak
First published: Mon Nov 14 2022(Updated: )
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.
Credit: security@zoom.us
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Meetings | <5.12.6 | |
| Zoom Meetings | <5.12.6 | |
| Zoom Meetings | <5.12.6 | |
| Zoom Meetings | <5.12.6 | |
| Zoom Meetings | <5.12.6 | |
| Zoom Rooms | <5.12.6 | |
| Zoom Rooms | <5.12.6 | |
| Zoom Rooms | <5.12.6 | |
| Zoom Rooms | <5.12.6 | |
| Zoom Rooms | <5.12.6 | |
| Zoom VDI Windows Meeting Clients | <5.12.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-28764.
What is the severity of CVE-2022-28764?
The severity of CVE-2022-28764 is low (CVSS score: 3.3).
Which software versions are affected by CVE-2022-28764?
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) versions up to and excluding 5.12.6 are affected.
What is the impact of CVE-2022-28764?
CVE-2022-28764 allows local information exposure, potentially exposing user data stored in a local SQL database.
How can I fix CVE-2022-28764?
To fix CVE-2022-28764, update your Zoom Client for Meetings to version 5.12.6 or later.