CVE-2023-36534: 
NixOS vulnerability analysis and mitigation

CVE-2023-36534 is a path traversal vulnerability discovered in Zoom Desktop Client for Windows versions before 5.14.7. The vulnerability was disclosed on August 8, 2023, and was assigned a CVSS v3.1 base score of 9.8 (Critical) by NIST NVD (NVD). The vulnerability affects Zoom's Windows client software and could potentially be exploited by unauthenticated users via network access.

The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory - 'Path Traversal'). It received two different CVSS scores: a 9.8 Critical rating from NIST with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, and a 9.3 Critical rating from Zoom with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H (NVD).

The vulnerability could allow an unauthenticated attacker to enable an escalation of privilege via network access. An attacker could potentially exploit this vulnerability by sending a specially crafted URL to a Zoom user, which could then be used to access sensitive files on the user's system (Security Online).

Users are advised to update their Zoom Desktop Client for Windows to version 5.14.7 or later to address this vulnerability. This update was released as part of Zoom's security patches (Security Online).