Warp

Source repositories

https://github.com/warpdotdev/warp

CVEs (13)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2024-41997	Warpdotdev Warp	Med	0.43	6.6	0.00		Oct 14, 2024	An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the `warp://action/docker/open_subshell`…
CVE-2021-27860	Fatpipe Ipvpn		0.15	—	0.43	KEV	Dec 8, 2021	A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this…
CVE-2021-27856	Fatpipe Ipvpn		0.04	—	0.46		Dec 15, 2021	FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this…
CVE-2021-27858	Fatpipe Ipvpn		0.03	—	0.32		Dec 15, 2021	A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some…
CVE-2025-0651	Warpdotdev Warp		0.00	—	0.00		Jan 22, 2025	Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. User with a low system privileges can create a set of symlinks inside the C:\ProgramData\Cloudflare\warp-diag-partials folder. After triggering the 'Reset all settings" option…
CVE-2023-3747	Warpdotdev Warp		0.00	—	0.00		Sep 7, 2023	Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker…
CVE-2022-4428	Warpdotdev Warp		0.00	—	0.00		Jan 11, 2023	support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local…
CVE-2022-3337	Warpdotdev Warp		0.00	—	0.00		Oct 28, 2022	It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust…
CVE-2022-3512	Warpdotdev Warp		0.00	—	0.00		Oct 28, 2022	Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.
CVE-2021-27859	Fatpipe Ipvpn		0.00	—	0.01		Dec 15, 2021	A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges.…
CVE-2021-27857	Fatpipe Ipvpn		0.00	—	0.01		Dec 15, 2021	A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly…
CVE-2021-27855	Fatpipe Ipvpn		0.00	—	0.01		Dec 15, 2021	FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory…
CVE-2020-35152	Warpdotdev Warp		0.00	—	0.00		Feb 2, 2021	Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was…

CVE-2024-41997MedOct 14, 2024
Warpdotdev
Warp
risk 0.43cvss 6.6epss 0.00
An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A command injection vulnerability exists in the Docker integration functionality. An attacker can create a specially crafted hyperlink using the `warp://action/docker/open_subshell`…
CVE-2021-27860KEVDec 8, 2021
Fatpipe
Ipvpn
risk 0.15cvss —epss 0.43
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this…
CVE-2021-27856Dec 15, 2021
Fatpipe
Ipvpn
risk 0.04cvss —epss 0.46
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this…
CVE-2021-27858Dec 15, 2021
Fatpipe
Ipvpn
risk 0.03cvss —epss 0.32
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some…
CVE-2025-0651Jan 22, 2025
Warpdotdev
Warp
risk 0.00cvss —epss 0.00
Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. User with a low system privileges can create a set of symlinks inside the C:\ProgramData\Cloudflare\warp-diag-partials folder. After triggering the 'Reset all settings" option…
CVE-2023-3747Sep 7, 2023
Warpdotdev
Warp
risk 0.00cvss —epss 0.00
Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker…
CVE-2022-4428Jan 11, 2023
Warpdotdev
Warp
risk 0.00cvss —epss 0.00
support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local…
CVE-2022-3337Oct 28, 2022
Warpdotdev
Warp
risk 0.00cvss —epss 0.00
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust…
CVE-2022-3512Oct 28, 2022
Warpdotdev
Warp
risk 0.00cvss —epss 0.00
Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.
CVE-2021-27859Dec 15, 2021
Fatpipe
Ipvpn
risk 0.00cvss —epss 0.01
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges.…
CVE-2021-27857Dec 15, 2021
Fatpipe
Ipvpn
risk 0.00cvss —epss 0.01
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly…
CVE-2021-27855Dec 15, 2021
Fatpipe
Ipvpn
risk 0.00cvss —epss 0.01
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory…
CVE-2020-35152Feb 2, 2021
Warpdotdev
Warp
risk 0.00cvss —epss 0.00
Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was…