CVE-2022-3320

It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
cloudflareCNA
6.7 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
cloudflarewarp
𝑥
< 2022.8.857.0
cloudflarewarp
𝑥
< 2022.8.861.0
cloudflarewarp
𝑥
< 2022.8.936
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/cloudflare/advisories/security/advisories/GHSA-3868-hwjx-r5xf
https://github.com/cloudflare/advisories/security/advisories/GHSA-3868-hwjx-r5xf