CVE-2022-22785

MEDIUM

Zoom Client <5.10.0 - CSRF

Title source: llm

Description

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting users Zoom-scoped session cookies to a non-Zoom domain. This could potentially allow for spoofing of a Zoom user.

References (1)

[Vendor Advisory] https://explore.zoom.us/en/trust/security/security-bulletin

Scores

CVSS v3 5.9

EPSS 0.0018

EPSS Percentile 39.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L

Details

CWE

CWE-565

Status published

Products (1)

zoom/meetings < 5.10.0 (5 CPE variants)

Published May 18, 2022

Tracked Since Feb 18, 2026