Improper Neutralization of Encoded URI Schemes in a Web Page

CVE-2024-42184

Low

2.5/10

Summary

BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-84 - Improper Neutralization of Encoded URI Schemes in a Web Page

The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings.

References

Advisory Timeline

Published Jan 23, 2025

Improper Neutralization of Encoded URI Schemes in a Web Page

CVE-2024-42184

Summary

CWE-84 - Improper Neutralization of Encoded URI Schemes in a Web Page

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS