Lucene search

MitreCVE-2020-13884

HistoryJun 08, 2020 - 7:15 p.m.

CVE-2020-13884

2020-06-0819:15:10

CWE-276

mitre

web.nvd.nist.gov

citrix

workspace

app

insecure permissions

unquoted path

vulnerability

privileges

uninstallation

nvd

cve-2020-13884

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.

Affected configurations

Nvd

Node

citrixworkspace_appRange<2006.1windows

VendorProductVersionCPE
citrixworkspace_app*cpe:2.3:a:citrix:workspace_app:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
citrix	workspace_app	*	cpe:2.3:a:citrix:workspace_app::::::windows::*

References

github.com/hessandrew/CVE-2020-13884

support.citrix.com/article/CTX275460

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2020-13884