CVE-2021-44458

Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:mirantis:lens:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:31

Type Values Removed Values Added
References () https://github.com/Mirantis/security/blob/main/advisories/0001.md - Third Party Advisory () https://github.com/Mirantis/security/blob/main/advisories/0001.md - Third Party Advisory
CVSS v2 : 5.1
v3 : 9.6
v2 : 5.1
v3 : 8.3

Information

Published : 2022-01-10 16:15

Updated : 2024-11-21 06:31


NVD link : CVE-2021-44458

Mitre link : CVE-2021-44458

CVE.ORG link : CVE-2021-44458


JSON object : View

Products Affected

mirantis

  • lens

linux

  • linux_kernel
CWE
CWE-287

Improper Authentication

CWE-346

Origin Validation Error