Externally Controlled Reference to a Resource in Another Sphere

CVE-2021-44041

High

9.8/10

Summary

UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim's machine or capture NTLM credentials by supplying a networked or WebDAV file path.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

References

Advisory Timeline

Published Dec 14, 2021

Externally Controlled Reference to a Resource in Another Sphere

CVE-2021-44041

Summary

CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS