Show plain JSON{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-3322", "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "state": "PUBLISHED", "assignerShortName": "cloudflare", "requesterUserId": "25b7b156-39bf-4f6b-8c25-8bc69c5c5e82", "dateReserved": "2022-09-26T16:41:02.276Z", "datePublished": "2022-10-28T09:25:55.997Z", "dateUpdated": "2025-05-05T20:15:49.618Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["iOS"], "product": "WARP", "vendor": "Cloudflare", "versions": [{"lessThan": "6.14", "status": "affected", "version": "0", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)<br>"}], "value": "Endpoint enrolled on Cloudflare Zero Trust (Cloudflare One)\n"}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Josh (joshmotionfans)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><p>Lock Warp switch is a feature of Zero Trust platform which, when\n enabled, prevents users of enrolled devices from disabling WARP client.\n Due to insufficient policy verification by WARP iOS client, this \nfeature could be bypassed by using the \"Disable WARP\" quick action.</p></div>"}], "value": "Lock Warp switch is a feature of Zero Trust platform which, when\n enabled, prevents users of enrolled devices from disabling WARP client.\n Due to insufficient policy verification by WARP iOS client, this \nfeature could be bypassed by using the \"Disable WARP\" quick action.\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}, {"capecId": "CAPEC-554", "descriptions": [{"lang": "en", "value": "CAPEC-554 Functionality Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare", "dateUpdated": "2022-10-28T09:25:55.997Z"}, "references": [{"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to the specified patched version.<br>"}], "value": "Upgrade to the specified patched version.\n"}], "source": {"advisory": "GHSA-76pg-rp9h-wmcj", "discovery": "EXTERNAL"}, "title": "Lock WARP switch bypass on WARP mobile client using iOS quick action", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:07:06.465Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/cloudflare/advisories/security/advisories/GHSA-76pg-rp9h-wmcj", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-05T20:15:36.247571Z", "id": "CVE-2022-3322", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T20:15:49.618Z"}}]}} 
ReportizFlow
MITRE
Vulnrichment
NVD
Redhat