CVE-2021-44458 — HIGH (8.3)

Q: How severe is CVE-2021-44458?

CVE-2021-44458 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-44458?

Check the references section above for vendor advisories and patch information. Affected products include: Mirantis Lens, Linux Linux Kernel.

Vulnerability Description

Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.

CVSS Score

8.3

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mirantis	Lens	<= 5.2.6
Linux	Linux Kernel	-

Related Weaknesses (CWE)

CWE-346 CWE-287

References

https://github.com/Mirantis/security/blob/main/advisories/0001.mdThird Party Advisory
https://github.com/Mirantis/security/blob/main/advisories/0001.mdThird Party Advisory

FAQ

What is CVE-2021-44458?

CVE-2021-44458 is a vulnerability with a CVSS score of 8.3 (HIGH). Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate...

How severe is CVE-2021-44458?

CVE-2021-44458 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-44458?

Check the references section above for vendor advisories and patch information. Affected products include: Mirantis Lens, Linux Linux Kernel.