Vulnerabilities > CVE-2022-28764 - Incomplete Cleanup vulnerability in Zoom Meetings, Rooms and VDI Windows Meeting Clients
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.