CVE-2022-0484
Last modified
CVE-2022-0484 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. EPSS estimates a 0.98% chance of exploitation in the next 30 days.
Description
Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mirantis | Container Cloud Lens Extension | >= 3.0.0, < 3.1.1 |
References
- https://github.com/Mirantis/security/blob/main/advisories/0005.mdThird Party Advisory
- https://github.com/Mirantis/security/blob/main/advisories/0005.mdThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-0484?
How severe is CVE-2022-0484?
How do I fix CVE-2022-0484?
Are you affected by CVE-2022-0484?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST