GCVE - cpe:2.3:a:cloudflare:warp:*:*:*:*:*:android:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:cloudflare:warp:*:*:*:*:*:android:*:*

part: a version: * update: *

Vendor	Cloudflare (`5b4480cb-8cd0-5fc8-8b44-6534513ed911`)
Product	Warp (`bd41a0f8-a4ea-579a-ba9c-c7e2113041e0`)
Edition	*
Language	*
Software edition	*
Target software	android
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-0654`	vulnerable	2026-06-03 14:48:52.355284	Spoofing User's Activity Loads in WARP Mobile Client (Android) LOW (3.9) Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app. Published: 2023-08-29T15:05:19.623Z Updated: 2024-09-30T17:46:56.466Z Open on db.gcve.eu Reference links https://github.com/cloudflare/advisories/security/advisories/GHSA-5r97-pqv6-xpx7 https://developers.cloudflare.com/warp-client/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-0238`	vulnerable	2026-06-03 14:48:45.897141	Injecting Activity Loads in WARP Mobile Client LOW (3.9) Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app. Published: 2023-08-29T14:56:50.791Z Updated: 2024-09-30T17:47:12.727Z Open on db.gcve.eu Reference links https://github.com/cloudflare/advisories/security/advisories/GHSA-23rx-f69w-g75c https://developers.cloudflare.com/warp-client/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-4457`	vulnerable	2026-06-03 14:48:35.740000	WARP client manifest misconfiguration leading to Task Hijacking MEDIUM (5.5) Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device. Published: 2023-01-11T16:32:28.382Z Updated: 2025-04-09T13:43:50.264Z Open on db.gcve.eu Reference links https://github.com/cloudflare/advisories/security/advisories/GHSA-35f7-fqrc-4hhj	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.