CVE-2021-44043 - OpenCVE

An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containing an XSS payload, by uploading an arbitrary file and modifying the MIME type in a subsequent HTTP request. This then allows the file to be stored and retrieved from the server by other users in the same organization.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Uipath	App Studio

Configuration 1 [-]

cpe:2.3:a:uipath:app_studio:21.4.4:*:*:*:*:*:*:*

References

Link	Resource
https://docs.uipath.com/apps/v2021.10/docs/2021-10-1	Release Notes Vendor Advisory
https://docs.uipath.com/robot/docs/uipath-assistant	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-14T17:50:33

Updated: 2021-12-14T17:50:33

Reserved: 2021-11-19T00:00:00

Link: CVE-2021-44043

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-12-14T18:15:08.710

Modified: 2021-12-20T20:33:37.927

Link: CVE-2021-44043

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containing an XSS payload, by uploading an arbitrary file and modifying the MIME type in a subsequent HTTP request. This then allows the file to be stored and retrieved from the server by other users in the same organization."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-14T17:50:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://docs.uipath.com/robot/docs/uipath-assistant"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.uipath.com/apps/v2021.10/docs/2021-10-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-44043", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containing an XSS payload, by uploading an arbitrary file and modifying the MIME type in a subsequent HTTP request. This then allows the file to be stored and retrieved from the server by other users in the same organization."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://docs.uipath.com/robot/docs/uipath-assistant", "refsource": "MISC", "url": "https://docs.uipath.com/robot/docs/uipath-assistant"}, {"name": "https://docs.uipath.com/apps/v2021.10/docs/2021-10-1", "refsource": "MISC", "url": "https://docs.uipath.com/apps/v2021.10/docs/2021-10-1"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-44043", "datePublished": "2021-12-14T17:50:33", "dateReserved": "2021-11-19T00:00:00", "dateUpdated": "2021-12-14T17:50:33", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uipath:app_studio:21.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "C8907194-1329-4F6D-90F3-6F218FA9333E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containing an XSS payload, by uploading an arbitrary file and modifying the MIME type in a subsequent HTTP request. This then allows the file to be stored and retrieved from the server by other users in the same organization."}, {"lang": "es", "value": "Se ha detectado un problema en UiPath App Studio versi\u00f3n 21.4.4. Se presenta una vulnerabilidad de tipo XSS persistente en la funcionalidad file-upload para subir iconos al intentar crear nuevas Apps. Un atacante con privilegios m\u00ednimos en la aplicaci\u00f3n puede crear su propia App y subir un archivo malicioso que contenga una carga \u00fatil de tipo XSS, al subir un archivo arbitrario y modificando el tipo MIME en una petici\u00f3n HTTP posterior. Esto permite entonces que el archivo sea almacenado y recuperado del servidor por otros usuarios de la misma organizaci\u00f3n"}], "id": "CVE-2021-44043", "lastModified": "2021-12-20T20:33:37.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-14T18:15:08.710", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.uipath.com/apps/v2021.10/docs/2021-10-1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://docs.uipath.com/robot/docs/uipath-assistant"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}