Vulnerability of plugins for Git control and history visualization: GitKraken, GitLens, the source code editor Visual Studio Code, allowing the intruder to execute arbitrary code.

🗓️ 07 May 2024 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Vulnerability exists in GitKraken and GitLens plugins for Visual Studio Code and allows code execution via a crafted file.

Reporter	Title	Published	Views	Family All 14
0day.today	GitLens Git Local Configuration Execution Exploit	23 Apr 202400:00	–	zdt
ATTACKERKB	CVE-2023-46944	28 Nov 202322:15	–	attackerkb
Circl	CVE-2023-46944	20 Dec 202309:42	–	circl
CNNVD	GitLens Security Breach	28 Nov 202300:00	–	cnnvd
CVE	CVE-2023-46944	28 Nov 202300:00	–	cve
Cvelist	CVE-2023-46944	28 Nov 202300:00	–	cvelist
EUVD	EUVD-2023-51105	3 Oct 202520:07	–	euvd
Metasploit	GitLens Git Local Configuration Exec	19 Apr 202419:51	–	metasploit
NVD	CVE-2023-46944	28 Nov 202322:15	–	nvd
Packet Storm	GitLens Git Local Configuration Execution	23 Apr 202400:00	–	packetstorm

Vulners

Node

gitkraken gitlensRange<14.0.0

Source	Link
github	www.github.com/gitkraken/vscode-gitlens/commit/ee2a0c42a92d33059a39fd15fbbd5dd3d5ab6440
sonarsource	www.sonarsource.com/blog/vscode-security-markdown-vulnerabilities-in-extensions/
web	www.web.nvd.nist.gov/view/vuln/detail

07 May 2024 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 27.2

CVSS 37.8

EPSS0.01239

GitKraken plugin GitLens plugin Visual Studio Code crafted file code execution input validation