Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Lack of websocket authentication in Lens causes remote code execution when visiting a malicious website
Vulnerability Description
Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
认证机制不恰当
Vulnerability Title
Lens 访问控制错误漏洞
Vulnerability Description
Lens是OpenLens 存储库的分发版,其中包含在传统EULA下发布的 Team Lens 特定定制。 Lens 存在授权问题漏洞,该漏洞源于缺少websocket身份验证导致访问恶意网站时远程执行代码。
CVSS Information
N/A
Vulnerability Type
N/A