Lucene search
Alpine Linux Development TeamALPINE:CVE-2022-3512HistoryOct 28, 2022 - 10:15 a.m.
CVE-2022-3512
2022-10-2810:15:17
Alpine Linux Development Team
security.alpinelinux.org
16
warp-cli
add-trusted-ssid
bypass
lock
zero trust
policies
endpoint
unix
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.9
Confidence
High
EPSS
0.001
Percentile
42.8%
Using warp-cli command “add-trusted-ssid”, a user was able to disconnect WARP client and bypass the “Lock WARP switch” feature resulting in Zero Trust policies not being enforced on an affected endpoint.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.18-community | noarch | warp | = 0.5.4-r0 | UNKNOWN |
| Alpine | 3.19-community | noarch | warp | = 0.6.2-r0 | UNKNOWN |
| Alpine | edge-community | noarch | warp | = 0.7.0-r0 | UNKNOWN |
| Alpine | 3.20-community | noarch | warp | = 0.7.0-r0 | UNKNOWN |
Related
prion
prion
Design/Logic Flaw
2022-10-28 10:15:00
cvelist
cvelist
cve
cve
CVE-2022-3512
2022-10-28 10:15:17
hackerone
hackerone
nvd
nvd
CVE-2022-3512
2022-10-28 10:15:17
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.9
Confidence
High
EPSS
0.001
Percentile
42.8%
Related for ALPINE:CVE-2022-3512