CVE-2024-6148Incorrect Default Permissions in Citrix Workspace APP FOR Html5

CWE-276Incorrect Default PermissionsCWE-601Open Redirect4 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 74.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Citrix Workspace APP FOR Html5Citrix WorkspaceCitrix Workspace+3 more
Timeline
PublishedJul 10
Latest updateJul 15

Description

Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages7 packages

NVDcitrix/workspace< 2404.1

Patches

Patch: support.citrix.comPatch: support.citrix.com

🔴Vulnerability Details

1
GHSA
GHSA-56xm-5973-mjq5: Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML52024-07-10

📋Vendor Advisories

2
Citrix
Citrix Workspace app for HTML5 Security Bulletin CVE-2024-6148 and CVE-2024-61492024-07-15
Citrix
CVE-2024-6148: Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML52024-07-10