Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make WebSocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.
References
| Link | Resource |
|---|---|
| https://github.com/Mirantis/security/blob/main/advisories/0001.md | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mirantis
Published: 2022-01-10T15:05:44
Updated: 2022-01-10T15:05:44
Reserved: 2022-01-10T00:00:00
Link: CVE-2021-44458
NVD Information
Status: Analyzed
Published: 2022-01-10T16:15:09.673
Modified: 2022-08-09T00:51:42.403
Link: CVE-2021-44458
Red Hat Information
No data.