CVE-2022-2147

Published: Jun 23, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0.

Affected (1)

Products: Cloudflare: Warp

Cloudflare

1 product

Warp

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cloudflare Warp	From 2022.2.95.0 to 2022.3.186.0

Related CWEs

CWE-428

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (2)

https://github.com/cloudflare/advisories/security/advisories/GHSA-m6w8-3pf9-p68r

Source: cna@cloudflare.com

Release NotesThird Party Advisory

https://github.com/cloudflare/advisories/security/advisories/GHSA-m6w8-3pf9-p68r

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

Timeline

No history available yet.