FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vscode -- Visual Studio Code Information Disclosure Vulnerability

Affected packages
vscode < 1.78.1

Details

VuXML ID 7913fe6d-2c6e-40ba-a7d7-35696f3db2b6
Discovery 2023-05-09
Entry 2023-05-10

secure@microsoft.com reports:

Visual Studio Code Information Disclosure Vulnerability

A information disclosure vulnerability exists in VS Code 1.78.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of such paths. An authorised attacker must send the user a malicious file and convince the user to open it for the vulnerability to occur. Exploiting this vulnerability could allow the disclosure of NTLM hashes.

References

CVE Name CVE-2023-29338
URL https://github.com/microsoft/vscode/security/advisories/GHSA-mmfh-4pv3-39hr
URL https://nvd.nist.gov/vuln/detail/CVE-2023-29338