Lucene search

[email protected]NVD:CVE-2023-46944

HistoryNov 28, 2023 - 10:15 p.m.

CVE-2023-46944

2023-11-2822:15:06

[email protected]

web.nvd.nist.gov

cve-2023-46944

gitkraken

gitlens

arbitrary code execution

visual studio code

workspace trust

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

60.6%

JSON

An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component.

Affected configurations

Nvd

Node

gitkrakengitlensRange<14.0.0visual_studio_code

VendorProductVersionCPE
gitkrakengitlens*cpe:2.3:a:gitkraken:gitlens:*:*:*:*:*:visual_studio_code:*:*

Vendor	Product	Version	CPE
gitkraken	gitlens	*	cpe:2.3:a:gitkraken:gitlens::::::visual_studio_code::*

References

github.com/gitkraken/vscode-gitlens/commit/ee2a0c42a92d33059a39fd15fbbd5dd3d5ab6440

www.sonarsource.com/blog/vscode-security-markdown-vulnerabilities-in-extensions/

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

60.6%

JSON

Related for NVD:CVE-2023-46944

osv1 cve1 zdt1 packetstorm1 prion1 cvelist1 metasploit1 rapid7blog1