FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vscode -- VS Code Information Disclosure Vulnerability

Affected packages
vscode < 1.79.1


VuXML ID f0250129-fdb8-41ed-aa9e-661ff5026845
Discovery 2023-06-13
Entry 2023-06-13

VSCode developers reports:

VS Code Information Disclosure Vulnerability

A information disclosure vulnerability exists in VS Code 1.79.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of such paths. An authorised attacker must send the user a malicious file and convince the user to open it for the vulnerability to occur. Exploiting this vulnerability could allow the disclosure of NTLM hashes.


CVE Name CVE-2023-33144