Описание
Visual Studio Code Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer. A local attacker who successfully exploited the vulnerability could inject arbitrary code to run in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, a local attacker would need to determine which port Visual Studio Code is listening on for a targeted user.
The update address the vulnerability by modifying the way Visual Studio Code enables debug ports.
Возможность эксплуатации
Publicly Disclosed
Exploited
DOS
EPSS
Связанные уязвимости
An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'.
An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'.
Уязвимость редактора исходного кода Visual Studio Code, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии
EPSS