CVE-2023-0652

Published: Apr 6, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.

Affected (1)

Products: Cloudflare: Warp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cloudflare Warp	Before 2023.3.381.0

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (6)

https://developers.cloudflare.com/warp-client/get-started/windows/

Source: cna@cloudflare.com

Product

https://github.com/cloudflare/advisories/security/advisories/GHSA-xmhj-9p83-xvw9

Source: cna@cloudflare.com

Vendor Advisory

https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release

Source: cna@cloudflare.com

Release Notes

https://developers.cloudflare.com/warp-client/get-started/windows/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://github.com/cloudflare/advisories/security/advisories/GHSA-xmhj-9p83-xvw9

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://install.appcenter.ms/orgs/cloudflare/apps/1.1.1.1-windows-1/distribution_groups/release

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.