Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0.
References
Link | Resource |
---|---|
https://github.com/cloudflare/advisories/security/advisories/GHSA-m6w8-3pf9-p68r | Release Notes Third Party Advisory |
https://github.com/cloudflare/advisories/security/advisories/GHSA-m6w8-3pf9-p68r | Release Notes Third Party Advisory |
Configurations
History
21 Nov 2024, 07:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 6.5 |
References | () https://github.com/cloudflare/advisories/security/advisories/GHSA-m6w8-3pf9-p68r - Release Notes, Third Party Advisory |
Information
Published : 2022-06-23 21:15
Updated : 2024-11-21 07:00
NVD link : CVE-2022-2147
Mitre link : CVE-2022-2147
CVE.ORG link : CVE-2022-2147
JSON object : View
Products Affected
cloudflare
- warp
CWE
CWE-428
Unquoted Search Path or Element