Vulnerabilities > Cloudflare > Warp Mobile Client > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-28 CVE-2022-3321 Missing Authorization vulnerability in Cloudflare Warp Mobile Client
It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch  on the WARP iOS mobile client by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings.
network
low complexity
cloudflare CWE-862
8.2
2022-10-28 CVE-2022-3322 Improper Verification of Cryptographic Signature vulnerability in Cloudflare Warp Mobile Client
Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action.
network
low complexity
cloudflare CWE-347
7.5
2022-10-28 CVE-2022-3337 Missing Authorization vulnerability in Cloudflare Warp Mobile Client
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch  feature being enabled on Zero Trust Platform.
network
low complexity
cloudflare CWE-862
8.5