CVE-2022-3320
Bypassing Cloudflare Zero Trust policies using warp-cli set-custom-endpoint commandIt was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint.
We have discovered 180 live websites that are affected by CVE-2022-3320.
Contact us to get more info
Affected Software
| |
---|
Product | Warp |
Category | Web Servers |
Vulnerable Versions | |
Total Vulnerable Versions | 38 |
Vulnerable Domains | 180 live websites (100.00% of Warp install base) |
Common Weakness Enumeration
CWE-862 Missing Authorization
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-3320 and the relative popularity of websites