CVE-2020-1416

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
microsoftazure_storage_explorer
-
microsofttypescript
-
microsoftvisual_studio_2017
15.0 ≤
𝑥
< 15.9.25
microsoftvisual_studio_2019
16.0 ≤
𝑥
< 16.0.16
microsoftvisual_studio_2019
16.1 ≤
𝑥
< 16.4.11
microsoftvisual_studio_2019
16.5 ≤
𝑥
< 16.6.4
microsoftvisual_studio_code
𝑥
< 1.47.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416