{"id":"CVE-2022-0484","details":"Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1.","modified":"2026-04-12T05:16:26.394160Z","published":"2022-02-04T23:15:12.843Z","references":[{"type":"ADVISORY","url":"https://github.com/Mirantis/security/blob/main/advisories/0005.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mirantis/lens-extension-cc","events":[{"introduced":"ffe4e665923a610f72253d63b347357f4b4a3c53"},{"fixed":"4315713279d8a5e5f1a64c570a5b1aae298ca5c6"}],"database_specific":{"extracted_events":[{"introduced":"3.0.0"},{"fixed":"3.1.1"}],"cpe":"cpe:2.3:a:mirantis:container_cloud_lens_extension:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["v3.0.0","v3.0.1","v3.0.2","v3.0.3","v3.0.4","v3.1.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0484.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}