CVE-2021-44043 - OpenCVE

An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containing an XSS payload, by uploading an arbitrary file and modifying the MIME type in a subsequent HTTP request. This then allows the file to be stored and retrieved from the server by other users in the same organization.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Uipath	App Studio

Configuration 1 [-]

cpe:2.3:a:uipath:app_studio:21.4.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://docs.uipath.com/apps/v2021.10/docs/2021-10-1
https://docs.uipath.com/robot/docs/uipath-assistant

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-14T17:50:33

Updated: 2024-08-04T04:10:17.298Z

Reserved: 2021-11-19T00:00:00

Link: CVE-2021-44043

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-12-14T18:15:08.710

Modified: 2021-12-20T20:33:37.927

Link: CVE-2021-44043

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containing an XSS payload, by uploading an arbitrary file and modifying the MIME type in a subsequent HTTP request. This then allows the file to be stored and retrieved from the server by other users in the same organization."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-14T17:50:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://docs.uipath.com/robot/docs/uipath-assistant"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.uipath.com/apps/v2021.10/docs/2021-10-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-44043", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containing an XSS payload, by uploading an arbitrary file and modifying the MIME type in a subsequent HTTP request. This then allows the file to be stored and retrieved from the server by other users in the same organization."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://docs.uipath.com/robot/docs/uipath-assistant", "refsource": "MISC", "url": "https://docs.uipath.com/robot/docs/uipath-assistant"}, {"name": "https://docs.uipath.com/apps/v2021.10/docs/2021-10-1", "refsource": "MISC", "url": "https://docs.uipath.com/apps/v2021.10/docs/2021-10-1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:10:17.298Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.uipath.com/robot/docs/uipath-assistant"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.uipath.com/apps/v2021.10/docs/2021-10-1"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-44043", "datePublished": "2021-12-14T17:50:33", "dateReserved": "2021-11-19T00:00:00", "dateUpdated": "2024-08-04T04:10:17.298Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uipath:app_studio:21.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "C8907194-1329-4F6D-90F3-6F218FA9333E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containing an XSS payload, by uploading an arbitrary file and modifying the MIME type in a subsequent HTTP request. This then allows the file to be stored and retrieved from the server by other users in the same organization."}, {"lang": "es", "value": "Se ha detectado un problema en UiPath App Studio versi\u00f3n 21.4.4. Se presenta una vulnerabilidad de tipo XSS persistente en la funcionalidad file-upload para subir iconos al intentar crear nuevas Apps. Un atacante con privilegios m\u00ednimos en la aplicaci\u00f3n puede crear su propia App y subir un archivo malicioso que contenga una carga \u00fatil de tipo XSS, al subir un archivo arbitrario y modificando el tipo MIME en una petici\u00f3n HTTP posterior. Esto permite entonces que el archivo sea almacenado y recuperado del servidor por otros usuarios de la misma organizaci\u00f3n"}], "id": "CVE-2021-44043", "lastModified": "2021-12-20T20:33:37.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-14T18:15:08.710", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.uipath.com/apps/v2021.10/docs/2021-10-1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://docs.uipath.com/robot/docs/uipath-assistant"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}