CVE-2021-34419 LOW

CVE-2021-34419: HTML injection in Zoom Linux client

Vendor Zoom Video Communications Inc
Product Zoom Client for Meetings for Ubuntu Linux
Published November 11, 2021
Last update September 17, 2024

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing. This could allow meeting participants to be targeted for social engineering attacks.

Key dates

02Disclosure timeline

November 11, 2021 CVE published
September 17, 2024 Record updated