Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Citrix
  • Workspace

Configuration 1 [-]

cpe:2.3:a:citrix:workspace:*:*:*:*:*:html5:*:*

No data.

References
Link Providers
https://support.citrix.com/article/CTX678037 cve-icon cve-icon
History

Tue, 25 Mar 2025 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-276
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 05 Sep 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Citrix
Citrix workspace
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:citrix:workspace:*:*:*:*:*:html5:*:*
Vendors & Products Citrix
Citrix workspace
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: Citrix

Published:

Updated: 2025-03-25T16:40:45.148Z

Reserved: 2024-06-18T21:14:31.903Z

Link: CVE-2024-6148

cve-icon Vulnrichment

Updated: 2024-08-01T21:33:04.870Z

cve-icon NVD

Status : Modified

Published: 2024-07-10T21:15:10.730

Modified: 2025-03-25T17:16:12.373

Link: CVE-2024-6148

cve-icon Redhat

No data.