CVE-2022-3320: 
NixOS vulnerability analysis and mitigation

A vulnerability was discovered in Cloudflare's WARP Client that allowed bypassing policies configured for Zero Trust Secure Web Gateway. The vulnerability, identified as CVE-2022-3320, was disclosed on October 28, 2022, affecting multiple versions of the WARP Client across Windows, Linux, and MacOS platforms (Cloudflare Advisory).

The vulnerability stems from the 'set-custom-endpoint' subcommand in warp-cli. When this command was used with an unreachable endpoint, it caused the WARP Client to disconnect, effectively allowing users to bypass administrative restrictions on a Zero Trust enrolled endpoint. The vulnerability received a CVSS v3.1 base score of 6.7 (Medium) from Cloudflare with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L, while NIST assigned a more severe CVSS score of 9.8 (Critical) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability allowed attackers to bypass administrative restrictions and security policies set up through Cloudflare's Zero Trust Secure Web Gateway. This could potentially compromise the security posture of affected organizations by circumventing intended access controls and network security policies (Cloudflare Advisory).

The vulnerability was patched in the following versions: Windows: 2022.8.857.0, Linux: 2022.8.936, and MacOS: 2022.8.861.0. Users should upgrade to these or later versions to mitigate the vulnerability (Cloudflare Advisory).