CVE-2023-39199: 
NixOS vulnerability analysis and mitigation

CVE-2023-39199 is a security vulnerability discovered in Zoom clients' In-Meeting Chat feature. The vulnerability was disclosed on November 14, 2023, affecting multiple Zoom client versions prior to 5.16.0 across various platforms including Android, iOS, Linux, macOS, and Windows. The issue involves cryptographic problems that could potentially lead to information disclosure when exploited by a privileged user through network access (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) by NIST, with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs low privileges, requires no user interaction, and can result in high confidentiality impact without affecting integrity or availability. Zoom's own assessment rated it slightly lower at 4.9 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N (NVD).

The vulnerability could allow a privileged user to conduct information disclosure through network access. The high confidentiality impact rating suggests that the attacker could gain access to sensitive information through the In-Meeting Chat feature (NVD).

The vulnerability has been addressed in Zoom client version 5.16.0. Users are recommended to update their Zoom clients to version 5.16.0 or later to mitigate this security issue. This applies to all affected platforms including Android, iOS, Linux, macOS, and Windows (NVD).