CVE-2023-24484
Published 2023-02-16
CVE-2023-24484: A malicious user can cause log files to be written to a directory that they do not have permission to write to.
Priority P4 · 24 · medium · 5.5 CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.26% (17.0th percentile)
A malicious user can cause log files to be written to a directory that they do not have permission to write to.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_workspace_app | — | — |
| citrix | citrix_workspace_app_for_windows | >= Citrix Workspace App versions < 2212 | 2212 |
| citrix | workspace | < 2212 | 2212 |
| citrix | workspace | — | — |
| citrix | workspace | — | — |
| citrix | workspace | — | — |
| citrix | xenserver | — | — |
GHSA
GHSA-768p-9g3v-688p: A malicious user can cause log files to be written to a directory that they do not have permission to write to
ghsa_unreviewed·2023-02-16
CVE-2023-24484 [MEDIUM] CWE-284 GHSA-768p-9g3v-688p: A malicious user can cause log files to be written to a directory that they do not have permission to write to
Citrix
Citrix Workspace app for Windows Security Bulletin for CVE-2023-24484 & CVE-2023-24485
vendor_citrix·CVSS 5.5
CVE-2023-24484 [MEDIUM] CWE-284 Citrix Workspace app for Windows Security Bulletin for CVE-2023-24484 & CVE-2023-24485
| CVE | Description | Vulnerability Type | Pre-conditions |
|---|---|---|---|
| CVE-2023-24484 | A malicious user can cause log files to be written to a directory that they do not have permission to write to. | CWE-284: Improper Access Control | Local user access to a system where a vulnerable version of Citrix Workspace App for Windows is later installed or uninstalled by a SYSTEM process (e.g. SCCM). |
| CVE-2023-24485 | Privilege Escalation on the system running a vulnerable version of Citrix Workspace app for Windows | CWE-284: Improper Access Control | Local user access to a system at the time a vulnerable version of Citrix Workspace App for Windows is being installed or uninstalled by an Administrator or SYSTEM process (e.g. SCCM). |

The vulnerability affects
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-02-16
Published