Описание
Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.
FAQ
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Visual Studio Code sensitive file protections.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to a high loss of confidentiality (C:H), and integrity (I:H) and some loss of availability (A:L). What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could view sensitive information (Confidentiality) and modify code in the repo, (Integrity), and they might be able to interfere with availability of the code (Availability).
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Visual Studio Code CoPilot Chat Extension |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
6.8 Medium
CVSS3
Связанные уязвимости
Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.
Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.
Уязвимость расширения GitHub Copilot Chat Extension редактора исходного кода Microsoft Visual Studio Code, позволяющая нарушителю обойти существующие ограничения безопасности
EPSS
6.8 Medium
CVSS3