CVE-2022-4457 MEDIUM

CVE-2022-4457: WARP client manifest misconfiguration leading to Task Hijacking

Vendor Cloudflare
Product WARP
Weakness CWE-200 · Info exposure
Published January 11, 2023
Last update April 9, 2025

CVSS base score

5.5/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device.

Key dates

02Disclosure timeline

January 11, 2023 CVE published
April 9, 2025 Record updated