CVE-2023-24484 - Vulnerability Details - OpenCVE

A malicious user can cause log files to be written to a directory that they do not have permission to write to.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Citrix	Workspace

Configuration 1 [-]

OR	cpe:2.3:a:citrix:workspace:::::-:windows::
	cpe:2.3:a:citrix:workspace:1912:-:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:1912:cu1:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:1912:cu1-hf1:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:1912:cu2:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:1912:cu3:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:1912:cu4:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:1912:cu5:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:1912:cu6:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2203.1:-:::ltsr:windows::
	cpe:2.3:a:citrix:workspace:2203.1:cu1:::ltsr:windows::

No data.

References

Link	Providers
https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485

History

Tue, 18 Mar 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Citrix

Published: 2023-02-16T00:00:00.000Z

Updated: 2025-03-18T19:12:52.294Z

Reserved: 2023-01-24T00:00:00.000Z

Link: CVE-2023-24484

Vulnrichment

Updated: 2024-08-02T10:56:04.298Z

NVD

Status : Modified

Published: 2023-02-16T18:15:11.900

Modified: 2025-03-18T20:15:18.673

Link: CVE-2023-24484

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-24484", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "assignerShortName": "Citrix", "dateUpdated": "2025-03-18T19:12:52.294Z", "dateReserved": "2023-01-24T00:00:00.000Z", "datePublished": "2023-02-16T00:00:00.000Z"}, "containers": {"cna": {"title": "A malicious user can cause log files to be written to a directory that they do not have permission to write to.", "datePublic": "2023-02-15T00:00:00.000Z", "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2023-02-16T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A malicious user can cause log files to be written to a directory that they do not have permission to write to."}], "affected": [{"vendor": "Citrix", "product": "Citrix Workspace App for Windows", "versions": [{"version": "Citrix Workspace App versions", "status": "affected", "lessThan": "2212", "versionType": "custom", "changes": [{"at": "2203 LTSR before CU2 ", "status": "unaffected"}, {"at": "1912 LTSR before CU7 Hotfix 2 (19.12.7002) ", "status": "unaffected"}]}]}], "references": [{"url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-284 Improper Access Control", "cweId": "CWE-284"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "UNKNOWN"}, "workarounds": [{"lang": "en", "value": "These vulnerabilities are only exposed by a Windows Administrator or SYSTEM process (e.g. SCCM) performing the installation or uninstallation of a vulnerable version of Citrix Workspace App. Customers will only be affected by these vulnerabilities if they perform these actions using a vulnerable version of Citrix Workspace app for Windows."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:56:04.298Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-18T19:12:48.075216Z", "id": "CVE-2023-24484", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-18T19:12:52.294Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:56:04.298Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-24484", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-18T19:12:48.075216Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-18T19:12:44.096Z"}}], "cna": {"title": "A malicious user can cause log files to be written to a directory that they do not have permission to write to.", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Citrix", "product": "Citrix Workspace App for Windows", "versions": [{"status": "affected", "changes": [{"at": "2203 LTSR before CU2 ", "status": "unaffected"}, {"at": "1912 LTSR before CU7 Hotfix 2 (19.12.7002) ", "status": "unaffected"}], "version": "Citrix Workspace App versions", "lessThan": "2212", "versionType": "custom"}]}], "datePublic": "2023-02-15T00:00:00.000Z", "references": [{"url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485"}], "workarounds": [{"lang": "en", "value": "These vulnerabilities are only exposed by a Windows Administrator or SYSTEM process (e.g. SCCM) performing the installation or uninstallation of a vulnerable version of Citrix Workspace App. Customers will only be affected by these vulnerabilities if they perform these actions using a vulnerable version of Citrix Workspace app for Windows."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "A malicious user can cause log files to be written to a directory that they do not have permission to write to."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "shortName": "Citrix", "dateUpdated": "2023-02-16T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-24484", "state": "PUBLISHED", "dateUpdated": "2025-03-18T19:12:52.294Z", "dateReserved": "2023-01-24T00:00:00.000Z", "assignerOrgId": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6", "datePublished": "2023-02-16T00:00:00.000Z", "assignerShortName": "Citrix"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:workspace:*:*:*:*:-:windows:*:*", "matchCriteriaId": "BF677539-1D84-4A05-A8AF-09723A3909D5", "versionEndExcluding": "2212", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:workspace:1912:-:*:*:ltsr:windows:*:*", "matchCriteriaId": "554F6592-C252-4B1D-ABEF-C4EE7EACF061", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:workspace:1912:cu1:*:*:ltsr:windows:*:*", "matchCriteriaId": "3C032E97-4C37-4FE9-BD0E-3AC933489A5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:workspace:1912:cu1-hf1:*:*:ltsr:windows:*:*", "matchCriteriaId": "AECFCE88-901F-4025-AF58-BC7A9207CF97", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:workspace:1912:cu2:*:*:ltsr:windows:*:*", "matchCriteriaId": "179CEA0E-92D8-41A8-A2E2-B6808A2CAA25", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:workspace:1912:cu3:*:*:ltsr:windows:*:*", "matchCriteriaId": "998E9AAF-E239-4861-8377-B62330FAB903", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:workspace:1912:cu4:*:*:ltsr:windows:*:*", "matchCriteriaId": "37D106D3-119F-4194-8F16-C3317248A4D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:workspace:1912:cu5:*:*:ltsr:windows:*:*", "matchCriteriaId": "3078BBCA-DC94-4B7A-8B74-C012DB4A98A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:workspace:1912:cu6:*:*:ltsr:windows:*:*", "matchCriteriaId": "D826A570-C5C3-4E67-BABE-E1999C2AB60B", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:workspace:2203.1:-:*:*:ltsr:windows:*:*", "matchCriteriaId": "FEB0B74B-89A7-4194-8881-F35FEAE672BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:workspace:2203.1:cu1:*:*:ltsr:windows:*:*", "matchCriteriaId": "A1A14B8C-1B61-4682-AABE-4732B65E51BC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A malicious user can cause log files to be written to a directory that they do not have permission to write to."}], "id": "CVE-2023-24484", "lastModified": "2025-03-18T20:15:18.673", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-02-16T18:15:11.900", "references": [{"source": "secure@citrix.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.citrix.com/article/CTX477617/citrix-workspace-app-for-windows-security-bulletin-for-cve202324484-cve202324485"}], "sourceIdentifier": "secure@citrix.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "secure@citrix.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}