CVE-2020-0900

4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.3%

top 44.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Visual Studio Microsoft Microsoft Visual Studio 2017 Version 15.9 (includes 15.1 - 15.8)Microsoft Microsoft Visual Studio 2019 +5 more

Timeline

PublishedApr 15

Latest updateMay 24

Description

An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

▶NVDmicrosoft/visual_studio_2015update_3

▶NVDmicrosoft/visual_studio_201715.9

▶NVDmicrosoft/visual_studio_201916.0, 16.4, 16.5.0+2

▶CVEListV5microsoft/microsoft_visual_studio2015 Update 3

▶CVEListV5microsoft/microsoft_visual_studio_201916.0

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-m8rj-v5pg-g6vq: An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Stud↗2022-05-24

▶

CVEList

CVE-2020-0900: An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Stud↗2020-04-15

▶

📋Vendor Advisories

Microsoft

Visual Studio Extension Installer Service Elevation of Privilege Vulnerability↗2020-04-14

▶