Skip to content

Lock WARP switch bypass on WARP mobile client using iOS quick action

Moderate
mskowroncf published GHSA-76pg-rp9h-wmcj Oct 28, 2022

Package

Cloudflare WARP mobile client (iOS)

Affected versions

<6.14

Patched versions

None

Description

Impact

Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action.

Patches

The issue affected WARP client mobile application on iOS and was fixed in version 6.14.

References

Severity

Moderate

CVE ID

CVE-2022-3322

Weaknesses

No CWEs