Skip to content

Cloudflare WARP Client Arbitrary File Overwrite

Moderate
mskowroncf published GHSA-6fpc-qxmr-6wrq Jun 27, 2022

Package

Cloudflare WARP Client (Windows)

Affected versions

< 2022.5.309.0

Patched versions

2022.5.309.0

Description

Impact

Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.

Patches

The fix was released in version 2022.5.309.0

References

Cloudflare WARP Client for Windows releases
Cloudflare WARP Client documentation

Severity

Moderate

CVE ID

CVE-2022-2145

Credits