CVE-2022-4457 - Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a

CVE-2022-4457

Summary

Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device.

References

https://github.com/cloudflare/advisories/security/advisories/GHSA-35f7-fqrc-4hhj

Vulnerable Configurations

cpe:2.3:a:cloudflare:warp:*:*:*:*:*:android:*:*
cpe:2.3:a:cloudflare:warp:*:*:*:*:*:android:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

19-01-2023 - 02:34

Published

11-01-2023 - 17:15

Last modified

19-01-2023 - 02:34