Injecting Activity Loads in WARP Mobile Client
CVE-2023-0238

3.9LOW

Key Information:

Vendor: Cloudflare
Status: Warp Client
Vendor: CVE Published:; 29 August 2023

What is CVE-2023-0238?

Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app.

Affected Version(s)

WARP Client Android 0 < 6.29

References

https://github.com/cloudflare/advisories/security/advisor...

https://developers.cloudflare.com/warp-client/

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2023
Vulnerability Reserved
Jan 12, 2023

Cloudflare

What is CVE-2023-0238?

Affected Version(s)

References

CVSS V3.1

Timeline