Spoofing User's Activity Loads in WARP Mobile Client (Android)
CVE-2023-0654

3.9LOW

Key Information:

Vendor: Cloudflare
Status: Warp Client
Vendor: CVE Published:; 29 August 2023

What is CVE-2023-0654?

Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app.

Affected Version(s)

WARP Client Android 0 < 6.29

References

https://github.com/cloudflare/advisories/security/advisor...

https://developers.cloudflare.com/warp-client/

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2023
Vulnerability Reserved
Feb 2, 2023

Cloudflare

What is CVE-2023-0654?

Affected Version(s)

References

CVSS V3.1

Timeline