In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system.
References
Link | Resource |
---|---|
https://github.com/Mirantis/security/blob/main/advisories/0003.md | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mirantis
Published: 2022-01-10T15:05:45
Updated: 2022-01-10T15:05:45
Reserved: 2022-01-10T00:00:00
Link: CVE-2021-23154
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-01-10T16:15:08.410
Modified: 2022-01-18T17:14:46.210
Link: CVE-2021-23154
JSON object: View
Redhat Information
No data.