ISN 2023-01: Citrix Workspace App Vulnerability
Updated 28th February 2023 (Citrix advises updating to CWA 2302 as the only fix)
First published 20 February 2023
CVSS 3.1 High
CVSS:3.1 n/a
Summary
A vulnerability has been found in the Citrix Workspace App (CWA) for Linux in versions before 2302. The following IGEL products are affected:
- IGEL OS 11
Details
Citrix advises that a vulnerability in Citrix Workspace app for Linux, if exploited, may allow a malicious local user to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched. This issue affects all supported versions of Citrix Workspace app for Linux before 2302.
Update Instructions
- Update to IGEL OS version 11.08.255, which contains CWA 2302, and use this version. It is available to IGEL customers as a private build from IGEL Customer Engineering.
References
- Citrix Workspace app for Linux Security Bulletin for CVE-2023-24486: https://support.citrix.com/article/CTX477618/citrix-workspace-app-for-linux-security-bulletin-for-cve202324486