CVE-2023-0654

Summary

Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app.

Affected Software

VendorProductVersion RangeStatus
CloudflareWARP Client0 < 6.29affected

Weaknesses

  • CWE-1021: CWE-1021 Improper Restriction of Rendered UI Layers or Frames

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References