CVE-2022-0484

EPSS 0.4%
Veröffentlicht 04.02.2022 23:15:12
Zuletzt bearbeitet 21.11.2024 06:38:45
Quelle psirt@mirantis.com
CVE-Watchlists
Login
Unerledigt
Login

Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mirantis ≫ Container Cloud Lens Extension Version >= 3.0.0 < 3.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.597

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
psirt@mirantis.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/Mirantis/security/blob/main/advisories/0005.md

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-0484

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-0484

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-0484

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-0484