Warp Client
Approved changes feed: RSS · Atom
cpe:2.3:a:cloudflare:warp_client:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Cloudflare (5b4480cb-8cd0-5fc8-8b44-6534513ed911) |
|---|---|
| Product | Warp Client (6c7a8b64-6401-54e1-880d-a7427771e0eb) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-3747 |
vulnerable | 2026-06-03 14:52:41.732057 |
Insufficient Validation on Override Codes for Always-Enabled WARP Mode
MEDIUM (5.5)
Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access to the device, could extend the maximum allowed disconnected time of WARP client granted by an override code by changing the date & time on the local device where WARP is running.
Published: 2023-09-07T12:11:01.435Z
Updated: 2024-09-26T14:17:57.684Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-1862 |
vulnerable | 2026-06-03 14:48:56.612161 |
Remote access to warp-svc.exe in Cloudflare WARP
HIGH (7.3)
Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target's device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target's device must've been reachable on port 445, allowed authentication with NULL sessions or otherwise having knowledge of the target's credentials.
Published: 2023-06-20T08:28:12.578Z
Updated: 2024-12-09T18:31:09.155Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-0654 |
vulnerable | 2026-06-03 14:48:52.354721 |
Spoofing User's Activity Loads in WARP Mobile Client (Android)
LOW (3.9)
Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app.
Published: 2023-08-29T15:05:19.623Z
Updated: 2024-09-30T17:46:56.466Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-0238 |
vulnerable | 2026-06-03 14:48:45.896573 |
Injecting Activity Loads in WARP Mobile Client
LOW (3.9)
Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app.
Published: 2023-08-29T14:56:50.791Z
Updated: 2024-09-30T17:47:12.727Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.