CVE-2022-2147

Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cloudflare:warp:*:*:*:*:*:windows:*:*

History

21 Nov 2024, 07:00

Type Values Removed Values Added
CVSS v2 : 4.6
v3 : 7.8
v2 : 4.6
v3 : 6.5
References () https://github.com/cloudflare/advisories/security/advisories/GHSA-m6w8-3pf9-p68r - Release Notes, Third Party Advisory () https://github.com/cloudflare/advisories/security/advisories/GHSA-m6w8-3pf9-p68r - Release Notes, Third Party Advisory

Information

Published : 2022-06-23 21:15

Updated : 2024-11-21 07:00


NVD link : CVE-2022-2147

Mitre link : CVE-2022-2147

CVE.ORG link : CVE-2022-2147


JSON object : View

Products Affected

cloudflare

  • warp
CWE
CWE-428

Unquoted Search Path or Element