CVE-2021-23154
MEDIUM
Lens < 5.3.3 - OS Command Injection via Helm Chart Configuration
Title source: llmDescription
In Lens prior to 5.3.4, custom Helm chart configuration builds helm commands by string concatenation of the provided arguments, and the resulting command strings are then executed in the user's shell. Arguments can be provided that cause arbitrary shell commands to run on the system.
References (1)
Third Party Advisory x_refsource_misc
https://github.com/Mirantis/security/blob/main/advisories/0003.md
Scores
CVSS v3
6.3
EPSS
0.0060
EPSS Percentile
44.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
CWE-94
Status
published
Products (1)
mirantis/lens
< 5.3.3
Published
Jan 10, 2022
Tracked Since
Feb 18, 2026