CVE-2021-44458

HIGH

8.3

Description

Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.

Details CVE

Score CVSS v3.18.3

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteHIGH

Privileges requisNONE

Interaction utilisateurREQUIRED

Publie1/10/2022

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

linux:linux_kernelmirantis:lens

Faiblesses (CWE)

CWE-287CWE-346

References

https://github.com/Mirantis/security/blob/main/advisories/0001.md(psirt@mirantis.com)

https://github.com/Mirantis/security/blob/main/advisories/0001.md(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.