CVE-2022-41083: Visual Studio Code Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7.8)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2022-Oct

Released

2022-10-11

EPSS Score

4.40% (percentile: 89.0%)

FAQ

What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could execute code in the context of another Visual Studio Code user on the vulnerable system.

Affected Products (1)

Developer Tools

• Jupyter Extension for Visual Studio Code

Security Updates (1)

• Release Notes

Acknowledgments

<a href="https://github.com/ycdxsb">ycdxsb</a> with <a href="http://www.iie.ac.cn/">VARAS@IIE</a>

Revision History

• 2022-10-11: Information published.