CVE-2023-24486 — Improper Access Control in Citrix Workspace APP FOR Linux

CWE-284 — Improper Access Control4 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 77.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Workspace APP FOR Linux Citrix Workspace Citrix Virtual Apps AND Desktops +4 more

Timeline

PublishedJul 10

Description

A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

▶citrixcitrix/virtual_apps_and_desktops

▶citrixcitrix/citrix_virtual_apps_and_desktops

▶CVEListV5citrix/citrix_workspace_app_for_linux< 2302

▶NVDcitrix/workspace< 2302

▶citrixcitrix/workspace

🔴Vulnerability Details

GHSA

GHSA-wjqh-799v-63vh: A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain acce↗2023-07-10

▶

📋Vendor Advisories

Citrix

CVE-2023-24486: A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain acce↗2023-07-10

▶

Citrix

Citrix Workspace app for Linux Security Bulletin for CVE-2023-24486↗2023-02-23

▶