CVE-2023-33144: Visual Studio Code Spoofing Vulnerability

Overview

Severity

Medium (CVSS 6.6)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2023-Jun

Released

2023-06-13

EPSS Score

0.72% (percentile: 72.5%)

FAQ

According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? An authenticated attacker would have to send the victim a malicious file that the victim would have to open with Visual Studio Code.

Affected Products (1)

Developer Tools

• Visual Studio Code

Security Updates (1)

• Release Notes

Acknowledgments

<a href="https://twitter.com/justinsteven">Justin Steven</a>

Revision History

• 2023-06-13: Information published.