CVE-2020-13884

HIGH

Citrix Workspace App < 2006.1 - Incorrect Default Permissions

Title source: rule

Description

Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.

Exploits (1)

nomisec WRITEUP 2 stars

by hessandrew · poc

https://github.com/hessandrew/CVE-2020-13884

View Code ZIP pw:eip

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/hessandrew/CVE-2020-13884

Vendor Advisory x_refsource_confirm

https://support.citrix.com/article/CTX275460

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 18.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-276

Status published

Products (1)

citrix/workspace_app < 2006.1

Published Jun 08, 2020

Tracked Since Feb 18, 2026