Server Side Request Forgery (SSRF) Vulnerability in Zoom Chat's Link Preview Functionality

CVE-2021-34425 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contains a server-side request forgery vulnerability in the chat's "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat's "link preview" feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly.
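The advisory does not describe how the issue was fixed. As an added illustration (not Zoom's code), the sketch below shows a general destination check a link-preview fetcher can run before issuing its GET, so that loopback, private and link-local targets are refused; the function names and the constructed DNS table are assumptions made for this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def system_resolver(host):
    """Every address the name resolves to, via the OS resolver."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})

def preview_target_allowed(url, resolver=system_resolver):
    """Return (allowed, reason) for a URL the preview fetcher is asked to GET."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, "malformed URL"
    if parts.scheme.lower() not in ("http", "https"):
        return False, "scheme not allowed"
    if not host:
        return False, "no host"
    try:
        addrs = [str(ipaddress.ip_address(host))]    # literal IP in the URL
    except ValueError:
        try:
            addrs = resolver(host)                   # host name: check every record
        except OSError:
            return False, "resolution failed"
    for addr in addrs:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False, "unparseable address"
        ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d
        if not ip.is_global:                         # loopback, RFC 1918, link-local...
            return False, f"{ip} is not publicly routable"
    return (True, "ok") if addrs else (False, "resolution failed")

# Constructed name-to-address table standing in for DNS so the demo runs offline.
CONSTRUCTED_DNS = {
    "news.example": ["93.184.216.34"],
    "intranet.example": ["10.0.0.5"],
    "mixed.example": ["93.184.216.34", "192.168.1.10"],
}

def constructed_resolver(host):
    if host not in CONSTRUCTED_DNS:
        raise OSError("unknown host")
    return CONSTRUCTED_DNS[host]

if __name__ == "__main__":
    print(preview_target_allowed("http://mixed.example/", constructed_resolver))
```

The same check has to be repeated for every redirect hop, and the fetcher should connect to the address that was vetted rather than resolving the name a second time.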
