PT-2022-12122 · Lens · Lens

Published: 2022-01-10 · Updated: 2022-08-09 · CVE-2021-44458

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Lens versions 5.2.6 and earlier

Description

When a victim visits a malicious website, the site can make WebSocket connections from the victim's browser to Lens and operate the local terminal feature, which allows the attacker to execute arbitrary commands as the Lens user.

Recommendations

For Lens versions 5.2.6 and earlier, there is currently no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Origin Validation Error

Related Identifiers

CVE-2021-44458

Affected Products

Lens