Unquoted Service Path in Cloudflare WARP for Windows
Moderate
mskowroncf
published
GHSA-m6w8-3pf9-p68rJun 22, 2022
Package
Cloudflare WARP Client
(Windows)
Affected versions
>= 2022.2.95.0
Patched versions
2022.3.186.0
Description
Impact
Cloudflare WARP Client for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation.
Impact
Cloudflare WARP Client for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation.
Patches
The fix was released in version 2022.3.186.0
References
Cloudflare WARP Client for Windows releases
Cloudflare WARP Client documentation