13 results (0.031 seconds)

CVSS: 3.9EPSS: 0%CPEs: 1EXPL: 0

Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app. • https://developers.cloudflare.com/warp-client https://github.com/cloudflare/advisories/security/advisories/GHSA-5r97-pqv6-xpx7 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app. • https://developers.cloudflare.com/warp-client https://github.com/cloudflare/advisories/security/advisories/GHSA-23rx-f69w-g75c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0

The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device. • https://developers.cloudflare.com/warp-client https://github.com/cloudflare/advisories/security/advisories/GHSA-mv6g-7577-vq4w https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target's device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target's device must've been reachable on port 445, allowed authentication with NULL sessions or otherwise having knowledge of the target's credentials. • https://developers.cloudflare.com/warp-client/get-started/windows https://github.com/cloudflare/advisories/security/advisories/GHSA-q55r-53c8-5642 https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release • CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files. • https://developers.cloudflare.com/warp-client/get-started/windows https://github.com/cloudflare/advisories/security/advisories/GHSA-xmhj-9p83-xvw9 https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release • CWE-59: Improper Link Resolution Before File Access ('Link Following') •