6.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
26.2%
In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user’s shell. Arguments can be provided which cause arbitrary shell commands to run on the system.
[
{
"product": "Lens",
"vendor": "Mirantis",
"versions": [
{
"lessThanOrEqual": "5.3.3",
"status": "affected",
"version": "5.3",
"versionType": "custom"
}
]
}
]