CVE-2022-21825 — Improper Access Control in Citrix Workspace

CWE-284 — Improper Access Control CWE-863 — Incorrect Authorization3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 87.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Workspace Citrix Workspace

Timeline

PublishedFeb 9

Latest updateFeb 11

Description

An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcitrix/workspace2012 — 2112

▶citrixcitrix/citrix_workspace

🔴Vulnerability Details

GHSA

GHSA-jhfm-vpj4-vj2f: An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker↗2022-02-11

▶

📋Vendor Advisories

Citrix

CVE-2022-21825: An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker↗2022-02-09

▶