CVE-2022-4428 – support_uri validation missing in WARP client for Windows
https://notcve.org/view.php?id=CVE-2022-4428
support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a crafted XML config file pointing to a malicious file or set a local path to the executable using Cloudflare Zero Trust Dashboard (for Zero Trust enrolled clients). • https://github.com/cloudflare/advisories/security/advisories/GHSA-h3j3-fhqg-66rh • CWE-20: Improper Input Validation •
CVE-2022-4457 – WARP client manifest misconfiguration leading to Task Hijacking
https://notcve.org/view.php?id=CVE-2022-4457
Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device. • https://github.com/cloudflare/advisories/security/advisories/GHSA-35f7-fqrc-4hhj • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-125026 – Out-of-bounds write in github.com/cloudflare/golz4
https://notcve.org/view.php?id=CVE-2014-125026
LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input. Los enlaces LZ4 utilizan una API C obsoleta que es vulnerable a la corrupción de la memoria, lo que podría provocar la ejecución de código arbitrario si se llama con entradas de usuarios que no son de confianza. • https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898 https://github.com/cloudflare/golz4/issues/5 https://pkg.go.dev/vuln/GO-2020-0022 • CWE-787: Out-of-bounds Write •
CVE-2022-3320 – Bypassing Cloudflare Zero Trust policies using warp-cli set-custom-endpoint command
https://notcve.org/view.php?id=CVE-2022-3320
It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint. Era posible omitir las políticas configuradas para Zero Trust Secure Web Gateway mediante el subcomando warp-cli 'set-custom-endpoint'. El uso de este comando con un punto final inalcanzable provocó que el cliente WARP se desconectara y permitió eludir las restricciones administrativas en un punto final inscrito en Zero Trust. • https://github.com/cloudflare/advisories/security/advisories/GHSA-3868-hwjx-r5xf • CWE-862: Missing Authorization •
CVE-2022-3322 – Lock WARP switch bypass on WARP mobile client using iOS quick action
https://notcve.org/view.php?id=CVE-2022-3322
Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action. El interruptor Lock Warp es una característica de la plataforma Zero Trust que, cuando está habilitada, evita que los usuarios de dispositivos registrados deshabiliten el cliente WARP. Debido a una verificación insuficiente de la política por parte del cliente WARP iOS, esta característica podría omitirse mediante la acción rápida ""Desactivar WARP"". • https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj • CWE-347: Improper Verification of Cryptographic Signature CWE-862: Missing Authorization •