CVE-2024-6148
Published 2024-07-10
CVE-2024-6148: Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
Priority: P3 · 48 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.40% (32.0th percentile)
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_workspace | — | — |
| citrix | citrix_workspace_app | — | — |
| citrix | citrix_workspace_app_for_html5 | >= 2404 < 1 | 1 |
| citrix | storefront | — | — |
| citrix | workspace | < 2404.1 | 2404.1 |
| citrix | workspace | — | — |
| citrix | xenserver | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 5.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Citrix
Citrix Workspace app for HTML5 Security Bulletin CVE-2024-6148 and CVE-2024-6149
vendor_citrix·2024-07-15·CVSS 5.3
CVE-2024-6148 [MEDIUM] CWE-276 Citrix Workspace app for HTML5 Security Bulletin CVE-2024-6148 and CVE-2024-6149
Description of Problem: Two vulnerabilities have been discovered that impact the Citrix Workspace app for HTML5. Refer to below for further details:
CVE References: CVE-2024-6148, CVE-2024-6149
Affected Products: Citrix Workspace app, StoreFront, XenServer, storefront, workspace
Severity: Medium
CVSS Score: 5.3
Remediation:
Citrix strongly recommends that customers upgrade their Citrix Workspace app for HTML5 to the version containing the fixes as soon as possible. Citrix Workspace app for HTML5 versions that contain the fixes are: Citrix Workspace app for HTML5 2404.1 and later versions. Customers can upgrade vulnerable version of Citrix Workspace app for HTML5 on StoreFront CR or LTSR Layouts by downloading Citrix Work
Citrix
CVE-2024-6148: Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
vendor_citrix·2024-07-10·CVSS 8.8
CVE-2024-6148 [HIGH] CWE-276 CVE-2024-6148: Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
GHSA
GHSA-56xm-5973-mjq5: Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
ghsa_unreviewed·2024-07-10
CVE-2024-6148 [MEDIUM] CWE-276 GHSA-56xm-5973-mjq5: Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-07-10