CVE-2022-3320

Name
CVE-2022-3320
Description
It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/cloudflare/advisories/security/advisories/GHSA-3868-hwjx-r5xf

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:cloudflare:warp:*:*:*:*:*:linux_kernel:*:* warp >= None < 2022.8.936
cpe:2.3:a:cloudflare:warp:*:*:*:*:*:windows:*:* warp >= None < 2022.8.857.0
cpe:2.3:a:cloudflare:warp:*:*:*:*:*:macos:*:* warp >= None < 2022.8.861.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
warp 3.18-community 0.5.4-r0 knuxify <knuxify@gmail.com> possibly vulnerable
warp 3.19-community 0.6.2-r0 knuxify <knuxify@gmail.com> possibly vulnerable
warp edge-community 0.7.0-r0 knuxify <knuxify@gmail.com> possibly vulnerable
warp 3.20-community 0.7.0-r0 knuxify <knuxify@gmail.com> possibly vulnerable