1. Home
  2. CVE Database
  3. CVE-2022-0484
HIGH · 8.8

CVE-2022-0484

Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could ...

Vulnerability Description

Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
MirantisContainer Cloud Lens Extension>= 3.0.0, < 3.1.1

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2022-0484?

CVE-2022-0484 is a vulnerability with a CVSS score of 8.8 (HIGH). Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could ...

How severe is CVE-2022-0484?

CVE-2022-0484 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-0484?

Check the references section above for vendor advisories and patch information. Affected products include: Mirantis Container Cloud Lens Extension.