Security Update: NR21-01 for Browser Agent

Summary

Browsers can render local files on a host machine by using the file:// URI scheme outlined in RFC 8089. During the agent's harvest cycle, this file:// URI is recorded as the pageURL datapoint. This may result in the collection of potentially sensitive data contained in the local file path, such as the directory path of the saved webpage and any name or company information in that path. More information regarding the file:// URI scheme can be found in RFC 8089.
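To make the exposure concrete, the following added example (not Browser agent code and not the vendor's fix) lists the path components a file:// pageURL value would reveal and shows one way to redact such values when reviewing collected data. The function names and sample URLs are hypothetical and constructed for illustration.

```javascript
// Added illustration; function names are hypothetical, not Browser agent APIs.

// Return the identifying components a file:// page URL would expose,
// or an empty array for any other scheme or an unparsable value.
function exposedPathSegments(pageUrl) {
  let u;
  try { u = new URL(pageUrl); } catch { return []; }
  if (u.protocol !== 'file:') return [];
  const segs = u.pathname.split('/').filter(Boolean).map((s) => {
    // Percent-decoding shows what a human reader of the data would see.
    try { return decodeURIComponent(s); } catch { return s; }
  });
  // RFC 8089 permits a host (file://host/share/...), which is also identifying.
  return u.hostname ? [u.hostname, ...segs] : segs;
}

// Replace a file:// URL with a fixed marker; leave other URLs unchanged.
function redactPageUrl(pageUrl) {
  let u;
  try { u = new URL(pageUrl); } catch { return pageUrl; }
  return u.protocol === 'file:' ? 'file:///[redacted]' : pageUrl;
}

// Constructed sample pageURL values (not real collected data).
const samples = [
  'file:///C:/Users/Jane%20Doe/ExampleCorp/saved/page.html',
  'file://fileserver/share/report.html',
  'https://example.com/app?x=1',
];

for (const s of samples) {
  console.log(redactPageUrl(s), exposedPathSegments(s));
}
```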

Mitigating factors

A person must both download a webpage with the Browser agent configured and open the file in a browser. HTML files loaded without the file:// URI scheme are not affected.

Workarounds