An input-validation flaw exists in Visual Studio Code Maven Extension related to processing environment variables after opening a project that allows remote code execution. An attacker can convince a user to clone a specified repository and to open it in Visual Studio Code leading to code execution.
The update addresses the vulnerability by modifying the way the Visual Studio Code Maven Extension handles environment variables.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(139483);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/26");
script_cve_id("CVE-2020-0604");
script_xref(name:"IAVA", value:"2020-A-0366-S");
script_xref(name:"CEA-ID", value:"CEA-2020-0101");
script_name(english:"Security Update for Microsoft Visual Studio Code Maven Extension (August 2020)");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an application installed that is missing a security update.");
script_set_attribute(attribute:"description", value:
"An input-validation flaw exists in Visual Studio Code Maven Extension related to processing environment variables
after opening a project that allows remote code execution. An attacker can convince a user to clone a specified
repository and to open it in Visual Studio Code leading to code execution.
The update addresses the vulnerability by modifying the way the Visual Studio Code Maven Extension handles environment
variables.");
# https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0604
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2fbc0af8");
# https://github.com/microsoft/vscode-maven/blob/master/CHANGELOG.md
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e67673ac");
script_set_attribute(attribute:"solution", value:
"Please see Microsoft security advisory for patch-information");
script_set_attribute(attribute:"agent", value:"windows");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-0604");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/08/11");
script_set_attribute(attribute:"patch_publication_date", value:"2020/08/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/08/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:visual_studio_code");
script_set_attribute(attribute:"stig_severity", value:"I");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("microsoft_visual_studio_code_win_extensions_installed.nbin");
script_require_keys("installed_sw/Microsoft Visual Studio Code");
exit(0);
}
include('vcf.inc');
app_info = vcf::get_app_info(app:'vs-code::vscode-maven', win_local:TRUE);
vcf::check_granularity(app_info:app_info, sig_segments:3);
constraints = [
{ 'fixed_version' : '0.24.0' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | visual_studio_code | cpe:/a:microsoft:visual_studio_code |