CVE-2020-13884Incorrect Default Permissions in Citrix Workspace APP

CWE-276Incorrect Default Permissions4 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 81.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Citrix Workspace APPCitrix WorkspaceCitrix Workspace APP+2 more
Timeline
PublishedJun 8
Latest updateMay 24

Description

Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDcitrix/workspace_app< 2006.1

🔴Vulnerability Details

1
GHSA
GHSA-j7f2-25g8-8gjg: Citrix Workspace App before 20062022-05-24

📋Vendor Advisories

2
Citrix
Vulnerabilities in Citrix Workspace app and Receiver for Windows2020-06-11
Citrix
CVE-2020-13884: Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges du2020-06-08