CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3747 – Insufficient Validation on Override Codes for Always-Enabled WARP Mode
https://notcve.org/view.php?id=CVE-2023-3747
Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access to the device, could extend the maximum allowed disconnected time of WARP client granted by an override code by changing the date & time on the local device where WARP is running. Los Administradores de Zero Trust tienen la capacidad de impedir que los usuarios finales deshabiliten WARP en sus dispositivos. Los administradores también pueden crear códigos de anulación para permitir que un dispositivo se desconecte temporalmente de WARP, sin embargo, debido a la falta de validación del lado del servidor, un atacante con acceso local al dispositivo podría extender el tiempo máximo permitido de desconexión del cliente WARP otorgado por un código de anulación cambiando la fecha y hora en el dispositivo local donde se ejecuta warp. • https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#retrieve-the-override-code https://play.google.com/store/apps/details?id=com.cloudflare.onedotonedotonedotone • CWE-565: Reliance on Cookies without Validation and Integrity Checking CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 3.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0654 – Spoofing User's Activity Loads in WARP Mobile Client (Android)
https://notcve.org/view.php?id=CVE-2023-0654
Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app. • https://developers.cloudflare.com/warp-client https://github.com/cloudflare/advisories/security/advisories/GHSA-5r97-pqv6-xpx7 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0238 – Injecting Activity Loads in WARP Mobile Client
https://notcve.org/view.php?id=CVE-2023-0238
Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app. • https://developers.cloudflare.com/warp-client https://github.com/cloudflare/advisories/security/advisories/GHSA-23rx-f69w-g75c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4241 – lol-html panics on certain HTML inputs
https://notcve.org/view.php?id=CVE-2023-4241
lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected. • https://github.com/cloudflare/lol-html/security/advisories/GHSA-c3x7-354f-4p2x • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2754 – Plaintext transmission of DNS requests in Windows 1.1.1.1 WARP client
https://notcve.org/view.php?id=CVE-2023-2754
The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device. • https://developers.cloudflare.com/warp-client https://github.com/cloudflare/advisories/security/advisories/GHSA-mv6g-7577-vq4w https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release • CWE-319: Cleartext Transmission of Sensitive Information •