漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Lack of websocket authentication in Lens causes remote code execution when visiting a malicious website
Vulnerability Description
Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
Lens 访问控制错误漏洞
Vulnerability Description
Lens是OpenLens 存储库的分发版,其中包含在传统EULA下发布的 Team Lens 特定定制。 Lens 存在授权问题漏洞,该漏洞源于缺少websocket身份验证导致访问恶意网站时远程执行代码。
CVSS Information
N/A
Vulnerability Type
N/A