CVE-2023-29338: Visual Studio Code Spoofing Vulnerability

Overview

Severity

Medium (CVSS 6.6)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2023-May

Released

2023-05-09

EPSS Score

0.73% (percentile: 72.6%)

FAQ

According to the CVSS metric, user interaction is required (UI:R) and privileges required  is low (PR:L). What does that mean for this vulnerability? An authorized attacker must send the user a malicious file and convince the user to open it.

Affected Products (1)

Developer Tools

• Visual Studio Code

Security Updates (1)

• Release Notes

Acknowledgments

<a href="https://blog.xlab.app/">xinyue.hu</a> with <a href="https://www.chaitin.cn/">Chaitin</a>, <a href="https://blog.xlab.app/">xinyue.hu</a> with <a href="https://www.chaitin.cn/">Chaitin</a>

Revision History

• 2023-05-09: Information published.