CVE-2021-23154 (GCVE-0-2021-23154)
Vulnerability from cvelistv5 – Published: 2022-01-10 15:05 – Updated: 2024-08-03 18:58
VLAI?
Summary
In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system.
Severity ?
6.3 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Eren Karahasan (locomoco.dev@gmail.com)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Mirantis/security/blob/main/advisories/0003.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Lens",
"vendor": "Mirantis",
"versions": [
{
"lessThanOrEqual": "5.3.3",
"status": "affected",
"version": "5.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Eren Karahasan (locomoco.dev@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"value": "In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user\u0027s shell. Arguments can be provided which cause arbitrary shell commands to run on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-10T15:05:45",
"orgId": "ac17a704-eccd-4263-a802-5cee95c1d547",
"shortName": "Mirantis"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Mirantis/security/blob/main/advisories/0003.md"
}
],
"source": {
"advisory": "0003",
"discovery": "UNKNOWN"
},
"title": "Command injection in Lens causes arbitrary shell command execution when malicious custom helm chart configuration provided",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mirantis.com",
"ID": "CVE-2021-23154",
"STATE": "PUBLIC",
"TITLE": "Command injection in Lens causes arbitrary shell command execution when malicious custom helm chart configuration provided"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Lens",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.3",
"version_value": "5.3.3"
}
]
}
}
]
},
"vendor_name": "Mirantis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eren Karahasan (locomoco.dev@gmail.com)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user\u0027s shell. Arguments can be provided which cause arbitrary shell commands to run on the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Mirantis/security/blob/main/advisories/0003.md",
"refsource": "MISC",
"url": "https://github.com/Mirantis/security/blob/main/advisories/0003.md"
}
]
},
"source": {
"advisory": "0003",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ac17a704-eccd-4263-a802-5cee95c1d547",
"assignerShortName": "Mirantis",
"cveId": "CVE-2021-23154",
"datePublished": "2022-01-10T15:05:45",
"dateReserved": "2022-01-10T00:00:00",
"dateUpdated": "2024-08-03T18:58:26.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mirantis:lens:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.3.3\", \"matchCriteriaId\": \"D7989204-84A9-4C25-AD85-16C11CE4B24F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user\u0027s shell. Arguments can be provided which cause arbitrary shell commands to run on the system.\"}, {\"lang\": \"es\", \"value\": \"En Lens versiones anteriores a 5.3.4, la configuraci\\u00f3n personalizada de la carta helm crea comandos helm a partir de la concatenaci\\u00f3n de cadenas de argumentos proporcionados que luego son ejecutados en el shell del usuario. Pueden proporcionarse argumentos que causen la ejecuci\\u00f3n de comandos de shell arbitrarios en el sistema\"}]",
"id": "CVE-2021-23154",
"lastModified": "2024-11-21T05:51:17.680",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"psirt@mirantis.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.3, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2022-01-10T16:15:08.410",
"references": "[{\"url\": \"https://github.com/Mirantis/security/blob/main/advisories/0003.md\", \"source\": \"psirt@mirantis.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/Mirantis/security/blob/main/advisories/0003.md\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "psirt@mirantis.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"psirt@mirantis.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-23154\",\"sourceIdentifier\":\"psirt@mirantis.com\",\"published\":\"2022-01-10T16:15:08.410\",\"lastModified\":\"2024-11-21T05:51:17.680\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user\u0027s shell. Arguments can be provided which cause arbitrary shell commands to run on the system.\"},{\"lang\":\"es\",\"value\":\"En Lens versiones anteriores a 5.3.4, la configuraci\u00f3n personalizada de la carta helm crea comandos helm a partir de la concatenaci\u00f3n de cadenas de argumentos proporcionados que luego son ejecutados en el shell del usuario. Pueden proporcionarse argumentos que causen la ejecuci\u00f3n de comandos de shell arbitrarios en el sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@mirantis.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.3,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"psirt@mirantis.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mirantis:lens:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.3.3\",\"matchCriteriaId\":\"D7989204-84A9-4C25-AD85-16C11CE4B24F\"}]}]}],\"references\":[{\"url\":\"https://github.com/Mirantis/security/blob/main/advisories/0003.md\",\"source\":\"psirt@mirantis.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/Mirantis/security/blob/main/advisories/0003.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…