Vulnerability Description
Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloudflare | Warp | < 6.29 |
Related Weaknesses (CWE)
References
- https://developers.cloudflare.com/warp-client/Product
- https://github.com/cloudflare/advisories/security/advisories/GHSA-5r97-pqv6-xpx7Third Party Advisory
- https://developers.cloudflare.com/warp-client/Product
- https://github.com/cloudflare/advisories/security/advisories/GHSA-5r97-pqv6-xpx7Third Party Advisory
FAQ
What is CVE-2023-0654?
CVE-2023-0654 is a vulnerability with a CVSS score of 3.9 (LOW). Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on ...
How severe is CVE-2023-0654?
CVE-2023-0654 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-0654?
Check the references section above for vendor advisories and patch information. Affected products include: Cloudflare Warp.