漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Bypassing Cloudflare Zero Trust policies using warp-cli set-custom-endpoint command
Vulnerability Description
It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
Vulnerability Type
授权机制缺失
Vulnerability Title
Cloudflare WARP 安全漏洞
Vulnerability Description
Cloudflare WARP(Cloudflare Vpn)是美国Cloudflare公司的一个用于安全连接的客户端应用软件。 Cloudflare WARP Zero Trust Secure Web Gateway存在安全漏洞,该漏洞源于攻击者可以通过使用warp-cli set-custom-endpoint 子命令绕过其配置策略使攻击者实现WARP客户机断开连接,并允许绕过Zero Trust注册端点上的管理限制。
CVSS Information
N/A
Vulnerability Type
N/A