Zoom Workplace Apps and SDKs - Path traversal

Bulletin: ZSB-24023
CVEID: CVE-2024-39826
CVSS Severity: Medium
CVSS Score: 6.8
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Description:

Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Affected Products:

Zoom Workplace Desktop App for Windows before version 6.0.0
Zoom Workplace VDI App for Windows before version 5.17.13
Zoom Meeting SDK for Windows before version 6.0.0

Source:

Reported by shmoul.

Revision	Date	Description
1.0	07/09/2024	Initial publication.

Zoom Workplace Apps and SDKs - Path traversal

Subscribe for updates