CVE-2023-0654

Name
CVE-2023-0654
Description
Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app.
NVD Severity
low
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/cloudflare/advisories/security/advisories/GHSA-5r97-pqv6-xpx7
MISC https://developers.cloudflare.com/warp-client/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:cloudflare:warp:*:*:*:*:*:android:*:* warp >= None < 6.29

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
warp edge-community 0.5.4-r0 knuxify <knuxify@gmail.com> possibly vulnerable
warp 3.18-community 0.5.4-r0 knuxify <knuxify@gmail.com> possibly vulnerable