CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-0484

Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.4%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

Products affected by CVE-2022-0484

Mirantis » Container Cloud Lens Extension » Version: 3.0.0

cpe:2.3:a:mirantis:container_cloud_lens_extension:3.0.0
Mirantis » Container Cloud Lens Extension » Version: 3.0.2

cpe:2.3:a:mirantis:container_cloud_lens_extension:3.0.2
Mirantis » Container Cloud Lens Extension » Version: 3.0.3

cpe:2.3:a:mirantis:container_cloud_lens_extension:3.0.3
Mirantis » Container Cloud Lens Extension » Version: 3.0.4

cpe:2.3:a:mirantis:container_cloud_lens_extension:3.0.4
Mirantis » Container Cloud Lens Extension » Version: 3.1.0

cpe:2.3:a:mirantis:container_cloud_lens_extension:3.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-0484

Products

Pricing

Contact Us