CVE-2021-44458
8.3
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mirantis | Lens | 5.2 <= 5.2.6 | affected |
Weaknesses
- CWE-287: CWE-287 Improper Authentication
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.