Description
GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.
FAQ
According to the CVSS metric, privileges are required (PR:L) and user interaction is required (UI:R). How could an attacker exploit this remote code execution vulnerability?
An authenticated attacker could place a malicious file in the targeted repo. The user would then have to trust the file on Visual Studio Code and ask for assistance from GitHub Copilot.
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
EPSS
CVSS3: 8 High
Related vulnerabilities
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network.
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature over a network.
A vulnerability in the Microsoft Visual Studio Code source code editor, related to access control errors, that allows an attacker to execute arbitrary code
EPSS
CVSS3: 8 High