Vulnerabilities > CVE-2023-0654 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Cloudflare Warp

CVSS 3.7 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

high complexity

cloudflare

CWE-1021

NVD

Published: 2023-08-29

Updated: 2023-09-01

Summary

Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app.

Vulnerable Configurations

Part	Description	Count
Application	Cloudflare Cloudflare Warp -	1

Common Weakness Enumeration (CWE)

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

References

https://github.com/cloudflare/advisories/security/advisories/GHSA-5r97-pqv6-xpx7
https://developers.cloudflare.com/warp-client/