CVE-2023-36018: Visual Studio Code Jupyter Extension Spoofing Vulnerability

Overview

Severity

High (CVSS 7.8)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2023-Nov

Released

2023-11-14

Last Updated

2024-01-18

EPSS Score

1.61% (percentile: 81.7%)

FAQ

According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.

Affected Products (1)

Developer Tools

• Jupyter Extension for Visual Studio Code

Security Updates (1)

• Release Notes

Acknowledgments

Ben Ta, Panayiotis Gavriil

Revision History

• 2023-11-14: Information published.
• 2024-01-18: Added acknowledgements. This is an informational change only.