Description
Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device.
References
https://github.com/cloudflare/advisories/security/advisories/GHSA-35f7-fqrc-4hhj
ProductThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.5 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Modified
Published
2023-01-11T17:15:09.470
2 years agoLast modified
2023-11-07T03:57:52.070
1 year ago