Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command injection in Lens causes arbitrary shell command execution when malicious custom helm chart configuration provided
Vulnerability Description
In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Lens 操作系统命令注入漏洞
Vulnerability Description
Lens是OpenLens 存储库的分发版,其中包含在传统EULA下发布的 Team Lens 特定定制。 Lens 5.3.4 之前的版本中存在操作系统命令注入漏洞,该漏洞源于自定义 helm 图表配置从提供的参数的字符串连接创建 helm 命令,然后在用户的 shell 中执行。攻击者可以提供导致任意 shell 命令在系统上运行的参数。
CVSS Information
N/A
Vulnerability Type
N/A