PT-2022-13208 · Mirantis · Mirantis Container Cloud Lens Extension

Mirantis Psirt · Published 2022-02-04 · Updated 2022-02-09 · CVE-2022-0484

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Mirantis Container Cloud Lens Extension versions prior to v3.1.1

Description: The issue is caused by a lack of validation of URLs, which allows an attacker to induce the victim to add a new cluster via a malicious URL. This could lead to the opening of external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver serving a malicious Mirantis Container Cloud configuration file.

Recommendations: For versions prior to v3.1.1, update to version v3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting the addition of new clusters via URLs to minimize the risk of exploitation. Avoid using untrusted URLs when adding new clusters until the issue is resolved.
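
The kind of check the description says was missing, as an added example that is not code from the extension or from Mirantis: a sign-on URL read from a downloaded configuration is parsed and validated before anything hands it to the operating system. The field name ssoUrl, the function names, the https-only policy and the host allowlist are all assumptions made for illustration.

```javascript
// Added example. ssoUrl, checkSignOnUrl and openSignOn are hypothetical names,
// not taken from the Mirantis Container Cloud Lens Extension.
const ALLOWED_PROTOCOLS = new Set(["https:"]);

// Decide whether a URL read from a downloaded configuration may be opened.
function checkSignOnUrl(raw, allowedHosts) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return { ok: false, reason: "not a usable string" };
  }
  let url;
  try {
    url = new URL(raw); // throws on relative or malformed input
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  // Compare the parsed scheme, never a prefix of the raw string.
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) {
    return { ok: false, reason: "scheme not allowed: " + url.protocol };
  }
  if (url.username || url.password) {
    return { ok: false, reason: "embedded credentials" };
  }
  if (!allowedHosts.has(url.hostname)) {
    return { ok: false, reason: "host not allowlisted: " + url.hostname };
  }
  return { ok: true, href: url.href }; // normalized form is what gets opened
}

// opener stands in for whatever hands a URL to the operating system.
function openSignOn(config, allowedHosts, opener) {
  const verdict = checkSignOnUrl(config && config.ssoUrl, allowedHosts);
  if (verdict.ok) opener(verdict.href);
  return verdict;
}

// Constructed sample configurations, as a remote server might return them.
const hosts = new Set(["sso.example.internal"]);
const samples = [
  { ssoUrl: "HTTPS://SSO.Example.Internal/auth?client=lens" },
  { ssoUrl: "file:///tmp/example" },
  { ssoUrl: "example-handler://sso.example.internal/auth" },
  { ssoUrl: "https://user:pw@sso.example.internal/auth" },
  { ssoUrl: "https://sso.example.internal.attacker.example/auth" },
];
const opened = [];
const verdicts = samples.map((c) => openSignOn(c, hosts, (u) => opened.push(u)));
console.log(verdicts, opened);
```

Only the first sample reaches the opener; the rest are rejected with a reason that can be logged or shown to the user.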

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2022-0484

Affected Products

Mirantis Container Cloud Lens Extension