[Driftstörning] FW: Zoom Client on all platforms - make sure they're on 5.7.3 or above (CVE-2021-34425)

Kejvan Redjamand kejvan at chalmers.se
Wed Dec 15 10:04:50 CET 2021


Hi
A vulnerability has been detected in Zoom and all Zoom clients (program or app on all platforms) must be updated to version 5.7.3 or higher (current release is 5.8.7).
Please see below.

  Kind regards,
  Kejvan Redjamand
  Chalmers ITA

Zoom Client on all platforms - make sure they're on 5.7.3 or above (CVE-2021-34425)

Description: The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contains a server side request forgery vulnerability in the chat’s “link preview” functionality. In versions prior to 5.7.3, if a user were to enable the chat’s “link preview” feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly.

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from Zoom Download site.

Affected Products:
        • All Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.7.3

Details:
ZSB-21021 | 12/14/2021 | Server Side Request Forgery in Zoom Client for Meetings chat | Medium | CVE-2021-34425
Severity: Medium
CVSS Score: 4.7
CVSS Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

