CVE-2019-1486

A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
microsoftvisual_studio_2019
16.0 ≤
𝑥
≤ 16.4
microsoftvisual_studio_live_share
𝑥
< 1.0.1374
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1486
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1486