Skip to main content

Warp CVE-2023-0238

MEDIUM
Information Exposure (CWE-200)
2023-08-29 cna@cloudflare.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 29, 2023 - 15:15 nvd
MEDIUM 5.5

DescriptionNVD

Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app.

AnalysisAI

Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app. Affected products include: Cloudflare Warp.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

More in Warp

View all
CVE-2022-3320 CRITICAL
9.8 Oct 28

It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint'

CVE-2026-48732 HIGH
8.8 Jun 24

Command injection in Warp's legacy SSH background command path lets an attacker-controlled remote host inject shell synt

CVE-2026-48704 HIGH
8.8 Jun 24

Arbitrary code execution in the Warp agentic development environment (builds 0.2023.10.24.08.03.stable_00 through 0.2026

CVE-2026-48720 HIGH
8.8 Jun 24

Arbitrary local file write in Warp terminal (0.2025.03.05.08.02.stable_00 through builds before 0.2026.05.06.15.42.stabl

CVE-2022-3512 HIGH
8.8 Oct 28

Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" f

CVE-2026-48721 HIGH
8.6 Jun 24

Command-execution permission bypass in Warp's default unsandboxed CLI agent profile (versions 0.2025.10.08.08.12.stable_

CVE-2026-48719 HIGH
8.0 Jun 24

Command injection in Warp's prompt branch-selector chip lets a crafted Git branch name execute in the victim's shell whe

CVE-2026-48725 HIGH
8.1 Jun 24

Clipboard hijacking in the Warp agentic terminal (versions 0.2021.04.25.23.05.stable_00 through 0.2026.05.06.15.42.stabl

CVE-2026-48731 HIGH
7.8 Jun 24

Command injection in the Warp agentic development environment (Linux builds 0.2024.02.20.08.01.stable_01 through pre-0.2

CVE-2026-48703 HIGH
7.8 Jun 24

OS command injection in Warp's AI Agent code-search tooling allows attacker-controlled inputs to escape read-only search

CVE-2023-0652 HIGH
7.8 Apr 06

Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WA

CVE-2023-1412 HIGH
7.8 Apr 05

An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for

Share

CVE-2023-0238 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy