CVE-2021-44458

Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:mirantis:lens:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

19 Jan 2022, 14:44

Type Values Removed Values Added
References (MISC) https://github.com/Mirantis/security/blob/main/advisories/0001.md - (MISC) https://github.com/Mirantis/security/blob/main/advisories/0001.md - Third Party Advisory
CPE cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:mirantis:lens:*:*:*:*:*:*:*:*
CWE CWE-287
CVSS v2 : unknown
v3 : unknown
v2 : 5.1
v3 : 9.6
First Time Linux linux Kernel
Mirantis lens
Linux
Mirantis

10 Jan 2022, 16:53

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-10 16:15

Updated : 2022-01-19 14:44


NVD link : CVE-2021-44458

Mitre link : CVE-2021-44458


JSON object : View

Products Affected

mirantis

  • lens

linux

  • linux_kernel
CWE
CWE-287

Improper Authentication