Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.
References
Link | Resource |
---|---|
https://github.com/cloudflare/advisories/security/advisories/GHSA-6fpc-qxmr-6wrq | Release Notes Third Party Advisory |
Configurations
History
08 Jul 2022, 13:37
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:cloudflare:warp:*:*:*:*:*:windows:*:* | |
CWE | CWE-59 | |
First Time |
Cloudflare
Cloudflare warp |
|
References | (MISC) https://github.com/cloudflare/advisories/security/advisories/GHSA-6fpc-qxmr-6wrq - Release Notes, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
28 Jun 2022, 18:22
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-28 18:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-2145
Mitre link : CVE-2022-2145
CVE.ORG link : CVE-2022-2145
JSON object : View
Products Affected
cloudflare
- warp