• /
  • EnglishEspañol日本語한국어Português
  • Inicia sesiónComenzar ahora

Security Bulletin NR21-01

Summary

A security update to the browser agent will detect file:// URI schemes and stop any further execution and data collection if found.

Release date: March 9th, 2021

Vulnerability identifier: NR21-01

Priority: Medium

Affected software

The following New Relic agent versions are affected:

Name

Affected version

Remediated version

Browser agent

< v1205

v1208

Vulnerability information

Browsers can render local files on a host machine by using the file:// URI scheme outlined in RFC 8089. During the agent's harvest cycle , this file:// URI will be recorded as the pageURL datapoint. This may result in the collection of potentially sensitive data included in the local file path, such as directory path for the saved webpage and any name or company information in the directory path. More information regarding the file:// URI can be found in the RFC 8089

Mitigating factors

A person must both download a webpage with the browser agent configured and open the file in a browser. HTML files loaded without the file:// URI scheme are not affected.

Workarounds

Report security vulnerabilities to New Relic

New Relic is committed to the security of our customers and your data. If you believe you have found a security vulnerability in one of our products or websites, we welcome and greatly appreciate you reporting it to New Relic's coordinated disclosure program. For more information, see our documentation about reporting security vulnerabilities.

Copyright © 2024 New Relic Inc.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.