← voltar
CVE-2022-0484

Improper URL Validation causes Mirantis Container Cloud Lens Extension to open external programs

CVSS 8.8 HIGHEPSS 1.0%CWE-20
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.8EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
04 fev 2022Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Produtos afetados
Mirantis · Mirantis Container Cloud Lens Extension

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Mirantis/security/blob/main/advisories/0005.md