Skip to content

Unquoted Service Path in Cloudflare WARP for Windows

Moderate
mskowroncf published GHSA-m6w8-3pf9-p68r Jun 22, 2022

Package

Cloudflare WARP Client (Windows)

Affected versions

>= 2022.2.95.0

Patched versions

2022.3.186.0

Description

Impact

Cloudflare WARP Client for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation.

Patches

The fix was released in version 2022.3.186.0

References

Cloudflare WARP Client for Windows releases
Cloudflare WARP Client documentation

Severity

Moderate

CVE ID

CVE-2022-2147

Weaknesses

Credits