PT-2019-4155 · Microsoft · Visual Studio Live Share

Published

2019-12-10

Updated

2019-12-16

CVE-2019-1486

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Visual Studio Live Share (affected versions not specified)

Description A spoofing issue exists in Visual Studio Live Share, where a guest connected to a Live Share session can be redirected to an arbitrary URL specified by the session host. This is related to security setting errors in the Live Share extension of Microsoft Visual Studio. Exploitation of this issue may allow a remote attacker to redirect a user to a malicious URL by convincing them to connect to a specially crafted Live Share session.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Open Redirect

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601CWE-269

Related Identifiers

BDU:2019-04739

CVE-2019-1486

Affected Products

Visual Studio Live Share

PT-2019-4155 · Microsoft · Visual Studio Live Share

CVE-2019-1486

Weakness Enumeration

Related Identifiers

Affected Products

References · 6