{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T00:43:41.813","vulnerabilities":[{"cve":{"id":"CVE-2021-23154","sourceIdentifier":"psirt@mirantis.com","published":"2022-01-10T16:15:08.410","lastModified":"2024-11-21T05:51:17.680","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system."},{"lang":"es","value":"En Lens versiones anteriores a 5.3.4, la configuración personalizada de la carta helm crea comandos helm a partir de la concatenación de cadenas de argumentos proporcionados que luego son ejecutados en el shell del usuario. Pueden proporcionarse argumentos que causen la ejecución de comandos de shell arbitrarios en el sistema"}],"metrics":{"cvssMetricV31":[{"source":"psirt@mirantis.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.3,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"psirt@mirantis.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mirantis:lens:*:*:*:*:*:*:*:*","versionEndIncluding":"5.3.3","matchCriteriaId":"D7989204-84A9-4C25-AD85-16C11CE4B24F"}]}]}],"references":[{"url":"https://github.com/Mirantis/security/blob/main/advisories/0003.md","source":"psirt@mirantis.com","tags":["Third Party Advisory"]},{"url":"https://github.com/Mirantis/security/blob/main/advisories/0003.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}