CVE-2023-0654

CVSS V2 None CVSS V3 None

Description

Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app.

Overview

CVE ID
CVE-2023-0654

Assigner
cloudflare

Vulnerability Status
PUBLISHED

Published Version
2023-08-29T15:05:19.623Z

Last Modified Date
2023-08-29T15:05:19.623Z

Weakness Enumerations

CWE	URL
CWE-1021	http://cwe.mitre.org/data/definitions/1021.html

References

Reference URL	Reference Tags
https://github.com/cloudflare/advisories/security/advisories/GHSA-5r97-pqv6-xpx7
https://developers.cloudflare.com/warp-client/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-0654
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0654

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 14:36:52				Added to TrackCVE