CVE-2021-44458

Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:mirantis:lens:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

09 Aug 2022, 00:51

Type Values Removed Values Added
CWE CWE-287 CWE-346

19 Jan 2022, 14:44

Type Values Removed Values Added
References (MISC) https://github.com/Mirantis/security/blob/main/advisories/0001.md - (MISC) https://github.com/Mirantis/security/blob/main/advisories/0001.md - Third Party Advisory
CWE CWE-287
CVSS v2 : unknown
v3 : unknown
v2 : 5.1
v3 : 9.6
CPE cpe:2.3:a:mirantis:lens:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

10 Jan 2022, 16:53

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-10 16:15

Updated : 2024-02-04 22:08


NVD link : CVE-2021-44458

Mitre link : CVE-2021-44458

CVE.ORG link : CVE-2021-44458


JSON object : View

Products Affected

mirantis

  • lens

linux

  • linux_kernel
CWE
CWE-346

Origin Validation Error

CWE-287

Improper Authentication