Search criteria
2 vulnerabilities found for Mirantis Container Cloud Lens Extension by Mirantis
CVE-2022-0484 (GCVE-0-2022-0484)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-09-16 16:49
VLAI?
Title
Improper URL Validation causes Mirantis Container Cloud Lens Extension to open external programs
Summary
Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1.
Severity ?
8.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mirantis | Mirantis Container Cloud Lens Extension |
Affected:
v3 , < v3.1.1
(custom)
|
Credits
Mirantis PSIRT
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:45.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Mirantis/security/blob/main/advisories/0005.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mirantis Container Cloud Lens Extension",
"vendor": "Mirantis",
"versions": [
{
"lessThan": "v3.1.1",
"status": "affected",
"version": "v3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mirantis PSIRT"
}
],
"datePublic": "2022-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:20",
"orgId": "ac17a704-eccd-4263-a802-5cee95c1d547",
"shortName": "Mirantis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mirantis/security/blob/main/advisories/0005.md"
}
],
"source": {
"advisory": "0005",
"discovery": "INTERNAL"
},
"title": "Improper URL Validation causes Mirantis Container Cloud Lens Extension to open external programs",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mirantis.com",
"DATE_PUBLIC": "2022-02-03T17:30:00.000Z",
"ID": "CVE-2022-0484",
"STATE": "PUBLIC",
"TITLE": "Improper URL Validation causes Mirantis Container Cloud Lens Extension to open external programs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mirantis Container Cloud Lens Extension",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "v3",
"version_value": "v3.1.1"
}
]
}
}
]
},
"vendor_name": "Mirantis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mirantis PSIRT"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Mirantis/security/blob/main/advisories/0005.md",
"refsource": "MISC",
"url": "https://github.com/Mirantis/security/blob/main/advisories/0005.md"
}
]
},
"source": {
"advisory": "0005",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ac17a704-eccd-4263-a802-5cee95c1d547",
"assignerShortName": "Mirantis",
"cveId": "CVE-2022-0484",
"datePublished": "2022-02-04T22:29:20.398959Z",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-09-16T16:49:13.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0484 (GCVE-0-2022-0484)
Vulnerability from nvd – Published: 2022-02-04 22:29 – Updated: 2024-09-16 16:49
VLAI?
Title
Improper URL Validation causes Mirantis Container Cloud Lens Extension to open external programs
Summary
Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1.
Severity ?
8.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Mirantis | Mirantis Container Cloud Lens Extension |
Affected:
v3 , < v3.1.1
(custom)
|
Credits
Mirantis PSIRT
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:45.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Mirantis/security/blob/main/advisories/0005.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mirantis Container Cloud Lens Extension",
"vendor": "Mirantis",
"versions": [
{
"lessThan": "v3.1.1",
"status": "affected",
"version": "v3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mirantis PSIRT"
}
],
"datePublic": "2022-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:20",
"orgId": "ac17a704-eccd-4263-a802-5cee95c1d547",
"shortName": "Mirantis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mirantis/security/blob/main/advisories/0005.md"
}
],
"source": {
"advisory": "0005",
"discovery": "INTERNAL"
},
"title": "Improper URL Validation causes Mirantis Container Cloud Lens Extension to open external programs",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mirantis.com",
"DATE_PUBLIC": "2022-02-03T17:30:00.000Z",
"ID": "CVE-2022-0484",
"STATE": "PUBLIC",
"TITLE": "Improper URL Validation causes Mirantis Container Cloud Lens Extension to open external programs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mirantis Container Cloud Lens Extension",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "v3",
"version_value": "v3.1.1"
}
]
}
}
]
},
"vendor_name": "Mirantis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mirantis PSIRT"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Mirantis/security/blob/main/advisories/0005.md",
"refsource": "MISC",
"url": "https://github.com/Mirantis/security/blob/main/advisories/0005.md"
}
]
},
"source": {
"advisory": "0005",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ac17a704-eccd-4263-a802-5cee95c1d547",
"assignerShortName": "Mirantis",
"cveId": "CVE-2022-0484",
"datePublished": "2022-02-04T22:29:20.398959Z",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-09-16T16:49:13.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}