CVE-2024-24699: 
NixOS vulnerability analysis and mitigation

CVE-2024-24699 is a business logic error vulnerability discovered in various Zoom client applications. The vulnerability was disclosed on February 13, 2024, affecting multiple Zoom client versions including Windows, macOS, Linux, VDI, mobile applications, Zoom Rooms Clients, and Meeting SDKs. The flaw could potentially allow an authenticated user to conduct information disclosure through network access (Zoom Security, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium severity) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The issue specifically relates to a business logic error within the in-meeting chat functionality of affected Zoom clients (Rapid7).

The vulnerability could lead to information disclosure when exploited by an authenticated user with network access. The high confidentiality impact rating in the CVSS score indicates that the flaw could potentially expose sensitive information (NVD).

Zoom has released patches for all affected products. Users are advised to update to Zoom Desktop Client version 5.16.5 or later for Windows, macOS, and Linux, VDI Client version 5.17.5 or later for Windows, Mobile App version 5.16.5 or later for both Android and iOS, Zoom Rooms Clients version 5.17.0 or later, and Meeting SDKs version 5.16.5 or later (Zoom Security).