support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a crafted XML config file pointing to a malicious file or set a local path to the executable using Cloudflare Zero Trust Dashboard (for Zero Trust enrolled clients).
References
Link | Resource |
---|---|
https://github.com/cloudflare/advisories/security/advisories/GHSA-h3j3-fhqg-66rh | Product Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cloudflare
Published: 2023-01-11T16:49:36.512Z
Updated: 2023-01-12T11:17:35.572Z
Reserved: 2022-12-12T16:15:55.217Z
Link: CVE-2022-4428
JSON object: View
NVD Information
Status : Modified
Published: 2023-01-11T17:15:09.383
Modified: 2023-11-07T03:57:48.063
Link: CVE-2022-4428
JSON object: View
Redhat Information
No data.
CWE