CVE-2021-44458
HIGH
Mirantis Lens < 5.2.6 - Unauthenticated Remote Code Execution via WebSocket Terminal Feature
Title source: llm
Description
Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://github.com/Mirantis/security/blob/main/advisories/0001.md
Scores
CVSS v3
8.3
EPSS
0.0043
EPSS Percentile
34.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-287
CWE-346
Status
published
Products (1)
mirantis/lens
< 5.2.6
Published
Jan 10, 2022
Tracked Since
Feb 18, 2026