Vulnerability-Lookup

CNVD-2019-45912

Vulnerability from cnvd - Published: 2019-12-18

Title

Microsoft Visual Studio Code存在未明漏洞

Description

Microsoft Visual Studio Code是美国微软（Microsoft）公司的一款开源的代码编辑器。 Microsoft Visual Studio Code中存在安全漏洞，攻击者可利用该漏洞以用户身份执行任意代码。

Severity

中

Patch Name

Microsoft Visual Studio Code存在未明漏洞的补丁

Patch Description

Microsoft Visual Studio Code是美国微软（Microsoft）公司的一款开源的代码编辑器。 Microsoft Visual Studio Code中存在安全漏洞，攻击者可利用该漏洞以用户身份执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/github/vscode-codeql/pull/174

Reference

https://github.com/github/vscode-codeql/blob/v1.0.1/CHANGELOG.md https://github.com/github/vscode-codeql/security/advisories/GHSA-wf4x-8mpj-r42q

Impacted products

Name
Microsoft Visual Studio Code <1.0.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-16765"
    }
  },
  "description": "Microsoft Visual Studio Code\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u4ee3\u7801\u7f16\u8f91\u5668\u3002\n\nMicrosoft Visual Studio Code\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7528\u6237\u8eab\u4efd\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/github/vscode-codeql/pull/174",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-45912",
  "openTime": "2019-12-18",
  "patchDescription": "Microsoft Visual Studio Code\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u4ee3\u7801\u7f16\u8f91\u5668\u3002\r\n\r\nMicrosoft Visual Studio Code\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7528\u6237\u8eab\u4efd\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Visual Studio Code\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft Visual Studio Code \u003c1.0.1"
  },
  "referenceLink": "https://github.com/github/vscode-codeql/blob/v1.0.1/CHANGELOG.md\r\nhttps://github.com/github/vscode-codeql/security/advisories/GHSA-wf4x-8mpj-r42q",
  "serverity": "\u4e2d",
  "submitTime": "2019-11-26",
  "title": "Microsoft Visual Studio Code\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2019-16765 (GCVE-0-2019-16765)

Vulnerability from cvelistv5 – Published: 2019-11-25 17:41 – Updated: 2024-08-05 01:24

Summary

If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to this version using Visual Studio Code Marketplace's upgrade mechanism. After upgrading, the codeQL.cli.executablePath setting can only be set in the per-user settings, and not in the per-workspace settings. More information about VS Code settings can be found here.

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-250 - Execution with Unnecessary Privileges
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/github/vscode-codeql/security/…	x_refsource_CONFIRM
	https://github.com/github/vscode-codeql/pull/174	x_refsource_MISC
	https://github.com/github/vscode-codeql/blob/v1.0…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	github	vscode-codeql	Affected: < 1.0.1 , < 1.0.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:24:47.950Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/github/vscode-codeql/security/advisories/GHSA-wf4x-8mpj-r42q"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/github/vscode-codeql/pull/174"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/github/vscode-codeql/blob/v1.0.1/CHANGELOG.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vscode-codeql",
          "vendor": "github",
          "versions": [
            {
              "lessThan": "1.0.1",
              "status": "affected",
              "version": "\u003c 1.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker\u0027s choosing may be executed on the user\u0027s behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to this version using Visual Studio Code Marketplace\u0027s upgrade mechanism. After upgrading, the codeQL.cli.executablePath setting can only be set in the per-user settings, and not in the per-workspace settings. More information about VS Code settings can be found here."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250 Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-25T17:41:16.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/github/vscode-codeql/security/advisories/GHSA-wf4x-8mpj-r42q"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/github/vscode-codeql/pull/174"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/github/vscode-codeql/blob/v1.0.1/CHANGELOG.md"
        }
      ],
      "source": {
        "advisory": "GHSA-wf4x-8mpj-r42q",
        "discovery": "UNKNOWN"
      },
      "workarounds": [
        {
          "lang": "en",
          "value": "Manually review the workspace settings for any workspace obtained from an external source. These settings can be found in the .vscode/settings.json file within the workspace directory. Remove the configuration values for the codeQL.cli.executablePath, codeQL.cli.owner, and codeQL.cli.repository settings for the workspace.\n\nIf you wish to use the codeQL.cli.executablePath setting to indicate the location of a CodeQL CLI executable, then move this to your user settings, and check that you trust the configured path. You can access the user settings by choosing Preferences: Open User Settings from the Command Palette."
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2019-16765",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "vscode-codeql",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "\u003c 1.0.1",
                            "version_value": "1.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "github"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker\u0027s choosing may be executed on the user\u0027s behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to this version using Visual Studio Code Marketplace\u0027s upgrade mechanism. After upgrading, the codeQL.cli.executablePath setting can only be set in the per-user settings, and not in the per-workspace settings. More information about VS Code settings can be found here."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-250 Execution with Unnecessary Privileges"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/github/vscode-codeql/security/advisories/GHSA-wf4x-8mpj-r42q",
              "refsource": "CONFIRM",
              "url": "https://github.com/github/vscode-codeql/security/advisories/GHSA-wf4x-8mpj-r42q"
            },
            {
              "name": "https://github.com/github/vscode-codeql/pull/174",
              "refsource": "MISC",
              "url": "https://github.com/github/vscode-codeql/pull/174"
            },
            {
              "name": "https://github.com/github/vscode-codeql/blob/v1.0.1/CHANGELOG.md",
              "refsource": "MISC",
              "url": "https://github.com/github/vscode-codeql/blob/v1.0.1/CHANGELOG.md"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-wf4x-8mpj-r42q",
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Manually review the workspace settings for any workspace obtained from an external source. These settings can be found in the .vscode/settings.json file within the workspace directory. Remove the configuration values for the codeQL.cli.executablePath, codeQL.cli.owner, and codeQL.cli.repository settings for the workspace.\n\nIf you wish to use the codeQL.cli.executablePath setting to indicate the location of a CodeQL CLI executable, then move this to your user settings, and check that you trust the configured path. You can access the user settings by choosing Preferences: Open User Settings from the Command Palette."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2019-16765",
    "datePublished": "2019-11-25T17:41:17.000Z",
    "dateReserved": "2019-09-24T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:24:47.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-45912

CVE-2019-16765 (GCVE-0-2019-16765)

Tags

Sightings

Nomenclature