Описание
Visual Studio Code Security Feature Bypass Vulnerability
Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
FAQ
According to the CVSS metrics, successful exploitation of this vulnerability could lead to a high loss of confidentiality (C:H), and some loss of integrity (I:L) and no loss of availability (A:N). What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could view sensitive information, a token in this scenario (Confidentiality), and make some changes to disclosed information (Integrity), but they would not be able to affect Availability.
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass the Trusted Domain Service.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Visual Studio Code | ||
| Microsoft Visual Studio CoPilot Chat Extension |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
7.1 High
CVSS3
Связанные уязвимости
Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
Уязвимость редактора исходного кода Visual Studio Code, связанная с использованием файлов и каталогов, доступных внешним сторонам, позволяющая получить несанкционированный доступ к защищаемой информации
EPSS
7.1 High
CVSS3