CVE-2022-36928 MEDIUM

CVE-2022-36928: Path Traversal in Zoom for Android Clients

Vendor Zoom Video Communications Inc

Product Zoom for Android

Weakness CWE-35

Published January 9, 2023

Last update April 9, 2025

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulnerability to read and write to the Zoom application data directory.

Key dates

02Disclosure timeline

January 9, 2023 CVE published

April 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-36928 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/35.html

Related vulnerabilities

Identifiers

CVE CVE-2022-36928

CWE CWE-35

CVSS 6.1 / MEDIUM

Affected versions