It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli ‘set-custom-endpoint’ subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint. More detail https://github.com/cloudflare/advisories/security/advisories/GHSA-3868-hwjx-r5xf
Bypassing Cloudflare Zero Trust Secure Web Gateway Policies using warp-cli set-custom-endpoint command
- Post author:System
- Post published:8 November 2022
- Post category:Blog & News
You Might Also Like
Google Issues Emergency Security Warning For 3.2 Billion Chrome Users—Attacks Underway
Experts say that the Biden administration’s May 2021 Executive Order on Improving the Nation’s Cybersecurity does not adequately address operational technology (OT) security.