exploitDog

CVE-2022-0484

Опубликовано: 04 фев. 2022

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1.

Ссылки

https://github.com/Mirantis/security/blob/main/advisories/0005.md
Third Party Advisory
https://github.com/Mirantis/security/blob/main/advisories/0005.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mirantis:container_cloud_lens_extension:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.1.1 (исключая)

EPSS

Процентиль: 60%

0.00397

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20

CWE-20

Связанные уязвимости

GHSA-hr2m-fgfg-99wq

github

почти 4 года назад

Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1.

EPSS

Процентиль: 60%

0.00397

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-20

CWE-20