CVE-2021-23154 - OpenCVE

In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Mirantis	Lens

Configuration 1 [-]

cpe:2.3:a:mirantis:lens:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/Mirantis/security/blob/main/advisories/0003.md	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Mirantis

Published: 2022-01-10T15:05:45

Updated: 2022-01-10T15:05:45

Reserved: 2022-01-10T00:00:00

Link: CVE-2021-23154

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-01-10T16:15:08.410

Modified: 2022-01-18T17:14:46.210

Link: CVE-2021-23154

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Lens", "vendor": "Mirantis", "versions": [{"lessThanOrEqual": "5.3.3", "status": "affected", "version": "5.3", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Eren Karahasan (locomoco.dev@gmail.com)"}], "descriptions": [{"lang": "en", "value": "In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-10T15:05:45", "orgId": "ac17a704-eccd-4263-a802-5cee95c1d547", "shortName": "Mirantis"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/Mirantis/security/blob/main/advisories/0003.md"}], "source": {"advisory": "0003", "discovery": "UNKNOWN"}, "title": "Command injection in Lens causes arbitrary shell command execution when malicious custom helm chart configuration provided", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@mirantis.com", "ID": "CVE-2021-23154", "STATE": "PUBLIC", "TITLE": "Command injection in Lens causes arbitrary shell command execution when malicious custom helm chart configuration provided"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Lens", "version": {"version_data": [{"version_affected": "<=", "version_name": "5.3", "version_value": "5.3.3"}]}}]}, "vendor_name": "Mirantis"}]}}, "credit": [{"lang": "eng", "value": "Eren Karahasan (locomoco.dev@gmail.com)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/Mirantis/security/blob/main/advisories/0003.md", "refsource": "MISC", "url": "https://github.com/Mirantis/security/blob/main/advisories/0003.md"}]}, "source": {"advisory": "0003", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "ac17a704-eccd-4263-a802-5cee95c1d547", "assignerShortName": "Mirantis", "cveId": "CVE-2021-23154", "datePublished": "2022-01-10T15:05:45", "dateReserved": "2022-01-10T00:00:00", "dateUpdated": "2022-01-10T15:05:45", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mirantis:lens:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7989204-84A9-4C25-AD85-16C11CE4B24F", "versionEndIncluding": "5.3.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system."}, {"lang": "es", "value": "En Lens versiones anteriores a 5.3.4, la configuraci\u00f3n personalizada de la carta helm crea comandos helm a partir de la concatenaci\u00f3n de cadenas de argumentos proporcionados que luego son ejecutados en el shell del usuario. Pueden proporcionarse argumentos que causen la ejecuci\u00f3n de comandos de shell arbitrarios en el sistema"}], "id": "CVE-2021-23154", "lastModified": "2022-01-18T17:14:46.210", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 5.9, "source": "psirt@mirantis.com", "type": "Secondary"}]}, "published": "2022-01-10T16:15:08.410", "references": [{"source": "psirt@mirantis.com", "tags": ["Third Party Advisory"], "url": "https://github.com/Mirantis/security/blob/main/advisories/0003.md"}], "sourceIdentifier": "psirt@mirantis.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "psirt@mirantis.com", "type": "Secondary"}]}