PT-2019-4155 · Microsoft · Visual Studio Live Share

Publicado

2019-12-10

Atualizado

2019-12-16

CVE-2019-1486

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Visual Studio Live Share (affected versions not specified)

Description A spoofing issue exists in Visual Studio Live Share, where a guest connected to a Live Share session can be redirected to an arbitrary URL specified by the session host. This is related to security setting errors in the Live Share extension of Microsoft Visual Studio. Exploitation of this issue may allow a remote attacker to redirect a user to a malicious URL by convincing them to connect to a specially crafted Live Share session.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Open Redirect

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-601CWE-269

Identificadores relacionados

BDU:2019-04739

CVE-2019-1486

Produtos afetados

Visual Studio Live Share

PT-2019-4155 · Microsoft · Visual Studio Live Share

CVE-2019-1486

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6