PT-2020-13420 · Gitlab · Gitlab-Vscode-Extension

Published

2020-06-22

Updated

2021-07-21

CVE-2020-13279

CVSS v3.1

8.6

High

Vector

AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions gitlab-vscode-extension version 2.2.0

Description The issue allows for client-side code execution, enabling an attacker to execute code on a user's system.

Recommendations For gitlab-vscode-extension version 2.2.0, update to a version that contains a fix for this issue, as the current version allows for client-side code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2020-13279

Affected Products

Gitlab-Vscode-Extension

PT-2020-13420 · Gitlab · Gitlab-Vscode-Extension

CVE-2020-13279

Weakness Enumeration

Related Identifiers

Affected Products

References · 5