CVE-2022-28764

Name of the Vulnerable Software and Affected Versions Zoom Client for Meetings versions prior to 5.12.6

Description The issue arises from a failure to clear data from a local SQL database after a meeting ends, combined with the use of an insufficiently secure per-device key to encrypt that database. This allows a local malicious user to obtain meeting information, such as in-meeting chat for the previous meeting attended from that local user account.

Recommendations For versions prior to 5.12.6, update to version 5.12.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the local SQL database until a patch is applied.