CVE-2022-22785
MEDIUMZoom Meetings < 5.10.0 - Session Cookie Spoofing via Improper Domain Validation
Title source: llmDescription
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting users Zoom-scoped session cookies to a non-Zoom domain. This could potentially allow for spoofing of a Zoom user.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://explore.zoom.us/en/trust/security/security-bulletin
Scores
CVSS v3
5.9
EPSS
0.0348
EPSS Percentile
87.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L
Details
CWE
CWE-565
Status
published
Products (1)
zoom/meetings
< 5.10.0 (5 CPE variants)
Published
May 18, 2022
Tracked Since
Feb 18, 2026