Citrix Workspace app for Linux Security Bulletin for CVE-2023-24486

book

Article ID: CTX477618

calendar_today

Updated On:

Description

A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.

CVE ID	Description	Vulnerability Type	Pre-conditions
CVE-2023-24486	Session takeover	CWE-284: Improper Access Control	Local user access to a system where another user is utilizing a vulnerable version of Citrix Workspace App for Linux to launch published desktops and applications

This issue affects all supported versions of Citrix Workspace app for Linux before 2302

Mitigating Factors

Customers are not affected by this issue when they use the native Citrix Workspace App for Linux clients to initiate connections to launch published desktops and applications.

Instructions

This issue has been addressed in the following versions of Citrix Workspace app for Linux:

Citrix Workspace app for Linux 2302 and later

Citrix strongly recommends that affected customers upgrade to a fixed version as soon as possible.

The latest version of Citrix Workspace app for Linux is available from the following Citrix website location:

https://www.citrix.com/downloads/workspace-app/linux/

Acknowledgements

Citrix thanks Russell Howe for working with us to protect Citrix customers.

Additional Information

Date	Change
2023-02-14	Initial publication
2023-02-23	Acknowledgments added
2023-02-26	Mitigating factors added
2023-02-27	Updated the downloads link

Was this article helpful?

thumb_up Yes

thumb_down No

Welcome to "KB Articles"