Описание
Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability
FAQ
According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?
An authorized attacker with standard user privileges could place a malicious file on the machine running Visual Studio Code and then wait for the privileged victim to use certain JavaScript debugger functionality.
What privileges could be gained by an attacker who successfully exploited the vulnerability?
The attacker would gain the rights of the user that is running the affected application.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Visual Studio Code - JS Debug Extension |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.3 High
CVSS3
Связанные уязвимости
Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability
Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability
Уязвимость расширения Visual Studio Code JS Debug редактора исходного кода Visual Studio Code, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии
EPSS
7.3 High
CVSS3