Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Mirantis Container Cloud Lens Extension by Mirantis

    CVE-2022-0484 (GCVE-0-2022-0484)

    Vulnerability from nvd – Published: 2022-02-04 22:29 – Updated: 2024-09-16 16:49
    VLAI
    Title
    Improper URL Validation causes Mirantis Container Cloud Lens Extension to open external programs
    Summary
    Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Date Public
    2022-02-03 00:00
    Credits
    Mirantis PSIRT
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:45.920Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Mirantis/security/blob/main/advisories/0005.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mirantis Container Cloud Lens Extension",
              "vendor": "Mirantis",
              "versions": [
                {
                  "lessThan": "v3.1.1",
                  "status": "affected",
                  "version": "v3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Mirantis PSIRT"
            }
          ],
          "datePublic": "2022-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-04T22:29:20.000Z",
            "orgId": "ac17a704-eccd-4263-a802-5cee95c1d547",
            "shortName": "Mirantis"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Mirantis/security/blob/main/advisories/0005.md"
            }
          ],
          "source": {
            "advisory": "0005",
            "discovery": "INTERNAL"
          },
          "title": "Improper URL Validation causes Mirantis Container Cloud Lens Extension to open external programs",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mirantis.com",
              "DATE_PUBLIC": "2022-02-03T17:30:00.000Z",
              "ID": "CVE-2022-0484",
              "STATE": "PUBLIC",
              "TITLE": "Improper URL Validation causes Mirantis Container Cloud Lens Extension to open external programs"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mirantis Container Cloud Lens Extension",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "v3",
                                "version_value": "v3.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Mirantis"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Mirantis PSIRT"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Mirantis/security/blob/main/advisories/0005.md",
                  "refsource": "MISC",
                  "url": "https://github.com/Mirantis/security/blob/main/advisories/0005.md"
                }
              ]
            },
            "source": {
              "advisory": "0005",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ac17a704-eccd-4263-a802-5cee95c1d547",
        "assignerShortName": "Mirantis",
        "cveId": "CVE-2022-0484",
        "datePublished": "2022-02-04T22:29:20.398Z",
        "dateReserved": "2022-02-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:49:13.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-0484 (GCVE-0-2022-0484)

    Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-09-16 16:49
    VLAI
    Title
    Improper URL Validation causes Mirantis Container Cloud Lens Extension to open external programs
    Summary
    Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Date Public
    2022-02-03 00:00
    Credits
    Mirantis PSIRT
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T23:32:45.920Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/Mirantis/security/blob/main/advisories/0005.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Mirantis Container Cloud Lens Extension",
              "vendor": "Mirantis",
              "versions": [
                {
                  "lessThan": "v3.1.1",
                  "status": "affected",
                  "version": "v3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Mirantis PSIRT"
            }
          ],
          "datePublic": "2022-02-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-04T22:29:20.000Z",
            "orgId": "ac17a704-eccd-4263-a802-5cee95c1d547",
            "shortName": "Mirantis"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Mirantis/security/blob/main/advisories/0005.md"
            }
          ],
          "source": {
            "advisory": "0005",
            "discovery": "INTERNAL"
          },
          "title": "Improper URL Validation causes Mirantis Container Cloud Lens Extension to open external programs",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@mirantis.com",
              "DATE_PUBLIC": "2022-02-03T17:30:00.000Z",
              "ID": "CVE-2022-0484",
              "STATE": "PUBLIC",
              "TITLE": "Improper URL Validation causes Mirantis Container Cloud Lens Extension to open external programs"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Mirantis Container Cloud Lens Extension",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "v3",
                                "version_value": "v3.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Mirantis"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Mirantis PSIRT"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20 Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/Mirantis/security/blob/main/advisories/0005.md",
                  "refsource": "MISC",
                  "url": "https://github.com/Mirantis/security/blob/main/advisories/0005.md"
                }
              ]
            },
            "source": {
              "advisory": "0005",
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ac17a704-eccd-4263-a802-5cee95c1d547",
        "assignerShortName": "Mirantis",
        "cveId": "CVE-2022-0484",
        "datePublished": "2022-02-04T22:29:20.398Z",
        "dateReserved": "2022-02-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:49:13.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }