CVE-2023-0238 LOW

CVE-2023-0238: Injecting Activity Loads in WARP Mobile Client

Vendor Cloudflare

Product WARP Client

Weakness CWE-200 · Info exposure

Published August 29, 2023

Last update September 30, 2024

View on NVD All CVEs

CVSS base score

3.9/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app.

Key dates

02Disclosure timeline

August 29, 2023 CVE published

September 30, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-0238 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

CVE-2023-0238: Injecting Activity Loads in WARP Mobile Client

01Description

02Disclosure timeline

03References

04Related CVE