CVE-2022-4457

Published: Jan 11, 2023Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device.

Affected (1)

Products: Cloudflare: Warp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cloudflare Warp	Before 6.20

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://github.com/cloudflare/advisories/security/advisories/GHSA-35f7-fqrc-4hhj

Source: cna@cloudflare.com

ProductThird Party Advisory

https://github.com/cloudflare/advisories/security/advisories/GHSA-35f7-fqrc-4hhj

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

Timeline

No history available yet.