admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-227xx/CVE-2022-22785.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

150 lines
5.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-22785",
"sourceIdentifier": "security@zoom.us",
"published": "2022-05-18T16:15:08.697",
"lastModified": "2022-05-27T16:13:16.927",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting users Zoom-scoped session cookies to a non-Zoom domain. This could potentially allow for spoofing of a Zoom user."
},
{
"lang": "es",
"value": "Zoom Client for Meetings (para Android, iOS, Linux, MacOS y Windows) versiones anteriores a 5.10.0, no restringe apropiadamente las cookies de sesi\u00f3n del cliente a los dominios de Zoom. Este problema podr\u00eda ser usado en un ataque m\u00e1s sofisticado para enviar a un usuario desprevenido las cookies de sesi\u00f3n de Zoom a un dominio que no es de Zoom. Esto podr\u00eda permitir la suplantaci\u00f3n de un usuario de Zoom"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "security@zoom.us",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 4.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 6.4
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-565"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.10.0",
"matchCriteriaId": "257325E7-C897-49A8-8F82-7AF256A356C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.10.0",
"matchCriteriaId": "E22CE428-4C2A-4D98-A05C-0DC947511A82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "5.10.0",
"matchCriteriaId": "BB3D750A-6070-43B9-8D2F-0BF840FAEAAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.10.0",
"matchCriteriaId": "AD42820E-D045-4AE0-8A35-9B4E3007B71A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "5.10.0",
"matchCriteriaId": "DDF53A4B-7533-4DDA-9BEF-C803127FEDDD"
}
]
}
]
}
],
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin",
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink