Lucene search

MirantisCVELIST:CVE-2022-0484

HistoryFeb 04, 2022 - 10:29 p.m.

CVE-2022-0484 Improper URL Validation causes Mirantis Container Cloud Lens Extension to open external programs

2022-02-0422:29:20

CWE-20

Mirantis

www.cve.org

cve-2022-0484

url validation

mirantis container cloud lens extension

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

58.3%

JSON

Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1.

CNA Affected

[
  {
    "product": "Mirantis Container Cloud Lens Extension",
    "vendor": "Mirantis",
    "versions": [
      {
        "lessThan": "v3.1.1",
        "status": "affected",
        "version": "v3",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/Mirantis/security/blob/main/advisories/0005.md

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

58.3%

JSON

Related for CVELIST:CVE-2022-0484