CVE-2021-44042

An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when the injected content does not match an existing process). A determined attacker could leverage this to execute JavaScript in the context of the Electron application.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://docs.uipath.com/robot/docs/release-notes-2021-10-4	Release Notes Vendor Advisory
https://docs.uipath.com/robot/docs/uipath-assistant	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:uipath:assistant:21.4.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-12-14 18:15

Updated : 2024-02-28 18:48

NVD link : CVE-2021-44042

Mitre link : CVE-2021-44042

CVE.ORG link : CVE-2021-44042

JSON object : View

Products Affected

uipath

assistant

CWE

CWE-116

Improper Encoding or Escaping of Output

{"id": "CVE-2021-44042", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-12-14T18:15:08.673", "references": [{"url": "https://docs.uipath.com/robot/docs/release-notes-2021-10-4", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://docs.uipath.com/robot/docs/uipath-assistant", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-116"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when the injected content does not match an existing process). A determined attacker could leverage this to execute JavaScript in the context of the Electron application."}, {"lang": "es", "value": "Se ha detectado un problema en UiPath Assistant versi\u00f3n 21.4.4. Los datos controlados por el usuario suministrados al argumento --process-start del manejeador de URI para uipath-assistant:// no est\u00e1n codificados correctamente, resultando en que se inyecte contenido controlado por el atacante en el mensaje de error mostrado (cuando el contenido inyectado no coincide con un proceso existente). Un atacante determinado podr\u00eda aprovechar esto para ejecutar JavaScript en el contexto de la aplicaci\u00f3n Electron"}], "lastModified": "2022-07-12T17:42:04.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:uipath:assistant:21.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD11C5A9-956F-4B98-8712-C3085A055EC3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}