Описание
Visual Studio Code Information Disclosure Vulnerability
FAQ
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
In this case, a successful attack can break out of the Visual Studio Code Workspace Trust feature. See Workspace Trust for more information.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have be enticed to open a malicious link rendered in a VSCode extension. Users should never open anything that they do not know or trust to be safe.
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
7.4 High
CVSS3
Связанные уязвимости
Visual Studio Code Information Disclosure Vulnerability
EPSS
7.4 High
CVSS3