CVE-2021-44043

An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containing an XSS payload, by uploading an arbitrary file and modifying the MIME type in a subsequent HTTP request. This then allows the file to be stored and retrieved from the server by other users in the same organization.

CVSS v3 5.4 MEDIUM
CVSS v2.0 3.5 LOW

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://docs.uipath.com/apps/v2021.10/docs/2021-10-1	Release Notes Vendor Advisory
https://docs.uipath.com/robot/docs/uipath-assistant	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:uipath:app_studio:21.4.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-12-14 18:15

Updated : 2021-12-20 20:33

NVD link : CVE-2021-44043

Mitre link : CVE-2021-44043

CVE.ORG link : CVE-2021-44043

JSON object : View

Products Affected

uipath

app_studio

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2021-44043", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2021-12-14T18:15:08.710", "references": [{"url": "https://docs.uipath.com/apps/v2021.10/docs/2021-10-1", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://docs.uipath.com/robot/docs/uipath-assistant", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containing an XSS payload, by uploading an arbitrary file and modifying the MIME type in a subsequent HTTP request. This then allows the file to be stored and retrieved from the server by other users in the same organization."}, {"lang": "es", "value": "Se ha detectado un problema en UiPath App Studio versi\u00f3n 21.4.4. Se presenta una vulnerabilidad de tipo XSS persistente en la funcionalidad file-upload para subir iconos al intentar crear nuevas Apps. Un atacante con privilegios m\u00ednimos en la aplicaci\u00f3n puede crear su propia App y subir un archivo malicioso que contenga una carga \u00fatil de tipo XSS, al subir un archivo arbitrario y modificando el tipo MIME en una petici\u00f3n HTTP posterior. Esto permite entonces que el archivo sea almacenado y recuperado del servidor por otros usuarios de la misma organizaci\u00f3n"}], "lastModified": "2021-12-20T20:33:37.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:uipath:app_studio:21.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8907194-1329-4F6D-90F3-6F218FA9333E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}