CVE-2021-44458

Published: Jan 10, 2022Modified: Nov 21, 2024

9.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 6.0

Source: NVD

Description

Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.

Affected (1)

Products: Mirantis: Lens

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mirantis Lens	Up to 5.2.6

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

References (2)

https://github.com/Mirantis/security/blob/main/advisories/0001.md

Source: psirt@mirantis.com

Third Party Advisory

https://github.com/Mirantis/security/blob/main/advisories/0001.md

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.