CVE-2019-1486

CWE-601 — Open Redirect4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 47.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Visual Studio Live Share Microsoft Visual Studio 2019 Microsoft Microsoft Visual Studio 2019 +2 more

Timeline

PublishedDec 10

Latest updateMay 24

Description

A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages5 packages

▶NVDmicrosoft/visual_studio_live_share< 1.0.1374

▶CVEListV5microsoft/microsoft_visual_studio_live_share_extensionunspecified

▶NVDmicrosoft/visual_studio_201916.0 — 16.4

▶CVEListV5microsoft/microsoft_visual_studio_201916.0

▶CVEListV5microsoft/microsoft_visual_studio_2019_version_16.4_(includes_16.0_-_16.3)unspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-3xvp-fcxr-3mvq: A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified↗2022-05-24

▶

CVEList

CVE-2019-1486: A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified↗2019-12-10

▶

📋Vendor Advisories

Microsoft

Visual Studio Live Share Spoofing Vulnerability↗2019-12-10

▶