CVE-2020-13884

Published: Jun 8, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.

Affected (1)

Products: Citrix: Workspace App

Citrix

1 product

Workspace App

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Citrix Workspace App	Before 2006.1

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

https://github.com/hessandrew/CVE-2020-13884

Source: cve@mitre.org

ExploitThird Party Advisory

https://support.citrix.com/article/CTX275460

Source: cve@mitre.org

https://github.com/hessandrew/CVE-2020-13884

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://support.citrix.com/article/CTX275460

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.