Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1.
References
Link | Resource |
---|---|
https://github.com/Mirantis/security/blob/main/advisories/0005.md | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mirantis
Published: 2022-02-03T00:00:00
Updated: 2022-02-04T22:29:20
Reserved: 2022-02-03T00:00:00
Link: CVE-2022-0484
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-02-04T23:15:12.843
Modified: 2022-02-09T19:35:51.577
Link: CVE-2022-0484
JSON object: View
Redhat Information
No data.
CWE