Visual Studio Code Remote Extension Elevation of Privilege Vulnerability
CVE-2024-49049

7.1HIGH

Key Information:

Vendor
Microsoft
Status
Visual Studio Code Remote - Ssh Extension
Vendor
CVE Published:
12 November 2024

Summary

A security vulnerability exists in Visual Studio Code Remote Extension that allows for elevation of privilege under certain conditions. Exploiting this vulnerability could enable an attacker to gain elevated access to system resources or perform unauthorized actions. It is vital for users of Visual Studio Code to apply the latest updates to mitigate potential risks associated with this vulnerability. For further details and remediation steps, refer to the official Microsoft security advisory.

Affected Version(s)

Visual Studio Code Remote - SSH Extension Unknown 1.0.0 < 0.115.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.