CVE-2022-3321

HIGH Year: 2022
CVSS v3 Score
8.2
High
Weakness Type
CWE-862
View all →

Vulnerability Description

It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform.

Related Vulnerabilities

CVE-2020-24718

HIGH
CVSS:8.2(High)

bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonst...

CWE-8622020

CVE-2022-0871

HIGH
CVSS:8.2(High)

Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.

CWE-8622022

CVE-2022-1066

HIGH
CVSS:8.2(High)

Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.

CWE-8622022

CVE-2022-41930

HIGH
CVSS:8.2(High)

org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or dis...

CWE-8622022

CVE-2023-37862

HIGH
CVSS:8.2(High)

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-co...

CWE-8622023

CVE-2023-40608

HIGH
CVSS:8.2(High)

Missing Authorization vulnerability in Paid Memberships Pro Paid Memberships Pro CCBill Gateway.This issue affects Paid Memberships Pro CCBill Gateway: from n/a through 0.3.

CWE-8622023