exploitDog

CVE-2023-0654

Опубликовано: 29 авг. 2023

Источник: nvd

CVSS3: 3.9

CVSS3: 3.7

EPSS Низкий

Описание

Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app.

Ссылки

https://developers.cloudflare.com/warp-client/
Product
https://github.com/cloudflare/advisories/security/advisories/GHSA-5r97-pqv6-xpx7
Third Party Advisory
https://developers.cloudflare.com/warp-client/
Product
https://github.com/cloudflare/advisories/security/advisories/GHSA-5r97-pqv6-xpx7
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cloudflare:warp:*:*:*:*:*:android:*:*

Версия до 6.29 (исключая)

EPSS

Процентиль: 15%

0.00048

Низкий

3.9 Low

CVSS3

3.7 Low

CVSS3

Дефекты

CWE-1021

CWE-1021

EPSS

Процентиль: 15%

0.00048

Низкий

3.9 Low

CVSS3

3.7 Low

CVSS3

Дефекты

CWE-1021

CWE-1021