CVE-2022-3320

Published: Oct 28, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint.

Affected (3)

Products: Cloudflare: Warp

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Cloudflare Warp	Before 2022.8.936
Cloudflare Warp	Before 2022.8.861.0
Cloudflare Warp	Before 2022.8.857.0

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://github.com/cloudflare/advisories/security/advisories/GHSA-3868-hwjx-r5xf

Source: cna@cloudflare.com

Third Party Advisory

https://github.com/cloudflare/advisories/security/advisories/GHSA-3868-hwjx-r5xf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.