Visual Studio Code Elevation of Privilege Vulnerability - CVE-2020-1343ID: oval:org.secpod.oval:def:63909 | Date: (C)2020-06-22 (M)2023-08-14 |
Class: VULNERABILITY | Family: windows |
An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text. To exploit the vulnerability, an attacker would need to perform a successful capture of the tokens from client to proxy, where specific proxy settings are being used, making this very difficult to exploit. The update address the vulnerability by modifying the way Visual Studio Code Live Share communicates with clients to proxies.
Platform: |
Microsoft Windows 7 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows 10 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |
Microsoft Windows 11 |
Product: |
Visual Studio Code Live Share Extension |