CVE-2020-1416

CWE-269 — Improper Privilege Management7 documents5 sources

Severity

8.8HIGH

EPSS

9.9%

top 7.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Visual Studio 2017 Microsoft Visual Studio 2019 Microsoft Visual Studio Code +6 more

Timeline

PublishedJul 14

Latest updateMay 24

Description

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages10 packages

▶NVDmicrosoft/visual_studio_code< 1.47.1

▶CVEListV5microsoft/visual_studio_codeunspecified

▶NVDmicrosoft/visual_studio_201715.0 — 15.9.25

▶NVDmicrosoft/visual_studio_201916.0 — 16.0.16+2

▶CVEListV5microsoft/microsoft_visual_studio_201916.0

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-76cm-vv6x-f8wv: An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Vi↗2022-05-24

▶

CVEList

CVE-2020-1416: An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Vi↗2020-07-14

▶

📋Vendor Advisories

Microsoft

Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability↗2020-07-14

▶

💬Community

Bugzilla

CVE-2020-1925 olingo-odata: Server side request forgery in AsyncResponseWrapperImpl↗2020-01-13

▶

Bugzilla

CVE-2019-15225 envoy: crafted request with long URI allows remote attacker to cause denial of service↗2019-10-25

▶

Bugzilla

CVE-2019-14993 istio/envoy: mishandling regular expressions for long URIs leading to DoS↗2019-10-09

▶