Описание
Visual Studio Code Elevation of Privilege Vulnerability
Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.
FAQ
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could execute code in the context of another Visual Studio Code user on the vulnerable system.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to a high loss of confidentiality (C:H), and integrity (I:H) and some loss of availability (A:L). What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could view sensitive information (Confidentiality) and modify code in the repo, (Integrity), and they might be able to interfere with availability of the code (Availability).
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
6.8 Medium
CVSS3
Связанные уязвимости
Уязвимость редактора исходного кода Visual Studio Code, связанная с недостатками контроля доступа, позволяющая нарушителю повысить свои привилегии
6.8 Medium
CVSS3