Vulnerability Title
N/A
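Vulnerability Description
Zoom 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participants can briefly see the contents of other application windows that were not explicitly shared. The contents of these other windows can (for instance) be briefly visible when they overlay the shared window and come into focus. (An attacker can, of course, use a separate screen-recording application, not supported by Zoom, to save all of this content for later replay and analysis.)
Depending on the unintentionally shared data, this brief exposure of screen contents may be a more or less severe security issue.
CVSS Information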
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Vulnerability Category
N/A
Vulnerability Title
N/A
Vulnerability Description
Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participants can briefly see contents of other application windows that were explicitly not shared. The contents of these other windows can (for instance) be seen for a short period of time when they overlay the shared window and get into focus. (An attacker can, of course, use a separate screen-recorder application, unsupported by Zoom, to save all such contents for later replays and analysis.) Depending on the unintentionally shared data, this short exposure of screen contents may be a more or less severe security issue.
CVSS Information
N/A
Vulnerability Category
N/A
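Vulnerability Title
ZOOM Zoom Client Information Disclosure Vulnerability
Vulnerability Description
ZOOM Zoom Client is a multi-platform video conferencing client application from the US company Zoom (ZOOM). Zoom through 5.5.4 contains a security vulnerability that allows attackers to read private information on a participant's screen.
CVSS Information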
N/A
Vulnerability Category
Information Disclosure