Client-Side Enforcement of Server-Side Security

CVE-2023-39218

Medium

6.1/10

Summary

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-602 - Client-Side Enforcement of Server-Side Security

The software is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

References

Advisory Timeline

Published Aug 08, 2023

Client-Side Enforcement of Server-Side Security

CVE-2023-39218

Summary

CWE-602 - Client-Side Enforcement of Server-Side Security

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS