The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.
The product does not properly “clean up” and remove temporary or supporting resources after they have been used.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Meetings | Zoom | * | 5.12.6 (excluding) |
Rooms | Zoom | * | 5.12.6 (excluding) |
Vdi_windows_meeting_clients | Zoom | * | 5.12.6 (excluding) |