CVE-2021-22914
First published: Wed Jun 16 2021(Updated: )
Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue affects all versions of Citrix Cloud Connector that were installed by passing secure client parameters for installation via the command line. The issue does not affect Citrix Cloud Connector if it was installed using the interactive installer or where a parameter file was used with the command-line installer.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix Cloud Connector | <6.31.0.62192 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-22914?
CVE-2021-22914 is classified as a minor vulnerability due to the risk of sensitive information exposure.
How do I fix CVE-2021-22914?
To fix CVE-2021-22914, upgrade Citrix Cloud Connector to version 6.31.0.62192 or later.
What information is at risk in CVE-2021-22914?
CVE-2021-22914 risks the exposure of sensitive information stored in installation log files.
Who is affected by CVE-2021-22914?
CVE-2021-22914 affects users of Citrix Cloud Connector versions prior to 6.31.0.62192.
Can CVE-2021-22914 be exploited remotely?
Yes, CVE-2021-22914 can potentially be exploited remotely if a malicious actor gains access to the log files.
- collector/nvd-index
- agent/weakness
- vendor/citrix
- canonical/citrix cloud connector