CVE-2023-24486
Published 2023-07-10
Priority P4 · 25 · medium · 5.5 CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS 0.18% (8.3th percentile)
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | citrix_workspace | — | — |
| citrix | citrix_workspace_app | — | — |
| citrix | citrix_workspace_app_for_linux | < 2302 | 2302 |
| citrix | virtual_apps_and_desktops | — | — |
| citrix | workspace | < 2302 | 2302 |
| citrix | workspace | — | — |
| citrix | xenserver | — | — |
Citrix
vendor_citrix · 2023-07-10 · CVSS 5.5
CVE-2023-24486 [MEDIUM] CWE-284
CVE-2023-24486: A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.
Citrix
Citrix Workspace app for Linux Security Bulletin for CVE-2023-24486
vendor_citrix · 2023-02-23 · CVSS 5.5
CVE-2023-24486 [MEDIUM] CWE-284
CVE-2023-24486: Session takeover
Vulnerability Type: CWE-284: Improper Access Control
Pre-conditions: Local user access to a system where another user is utilizing a vulnerable version of Citrix Workspace App for Linux to launch published desktops and applications
This issue affects all supported versions of Citrix Workspace app for Linux before 2302.
CVE References: CVE-2023-24486
Affected Products: Citrix Virtual Apps and Desktops, Citrix Workspace App, Citrix Workspace app, XenServer, workspace
Severity: High
Remediation:
as soon as possible. The latest version of Citrix Workspace app for Linux is available from the following Citrix website location: https://www.citrix.com/downloads/workspace-app/linux/
GHSA
GHSA-wjqh-799v-63vh
ghsa_unreviewed · 2023-07-10
CVE-2023-24486 [MEDIUM] CWE-284
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.