CVE-2022-0484

Published: Feb 4, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1.

Affected (1)

Products: Mirantis: Container Cloud Lens Extension

1 product

Container Cloud Lens Extension

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mirantis Container Cloud Lens Extension	From 3.0.0 to 3.1.1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://github.com/Mirantis/security/blob/main/advisories/0005.md

Source: psirt@mirantis.com

Third Party Advisory

https://github.com/Mirantis/security/blob/main/advisories/0005.md

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.