CVE-2021-44458

Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:mirantis:lens:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:31

Type Values Removed Values Added
References () https://github.com/Mirantis/security/blob/main/advisories/0001.md - Third Party Advisory () https://github.com/Mirantis/security/blob/main/advisories/0001.md - Third Party Advisory
CVSS v2 : 5.1
v3 : 9.6
v2 : 5.1
v3 : 8.3

09 Aug 2022, 00:51

Type Values Removed Values Added
CWE CWE-287 CWE-346

19 Jan 2022, 14:44

Type Values Removed Values Added
References (MISC) https://github.com/Mirantis/security/blob/main/advisories/0001.md - (MISC) https://github.com/Mirantis/security/blob/main/advisories/0001.md - Third Party Advisory
CWE CWE-287
CVSS v2 : unknown
v3 : unknown
v2 : 5.1
v3 : 9.6
CPE cpe:2.3:a:mirantis:lens:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

10 Jan 2022, 16:53

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-10 16:15

Updated : 2024-11-21 06:31


NVD link : CVE-2021-44458

Mitre link : CVE-2021-44458

CVE.ORG link : CVE-2021-44458


JSON object : View

Products Affected

mirantis

  • lens

linux

  • linux_kernel
CWE
CWE-287

Improper Authentication

CWE-346

Origin Validation Error