PT-2022-23075 · Microsoft · Vscode
Pjbgf · Published 2022-08-18 · Updated 2022-08-23
CVE-2022-35976
CVSS v3.1: 5.2 (Medium)
Vector: AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
GitOps Tools Extension for VSCode (affected versions not specified)
Description
The GitOps Tools Extension for VSCode is affected by an issue where a specially crafted kubeconfig can lead to arbitrary code execution on behalf of the user running VSCode. This issue is specific to the extension and does not affect the use of kubeconfig with kubectl. Users who rely on kubeconfigs generated or altered by other processes or users are at risk. Using only trustworthy kubeconfigs is a safe mitigation.
Recommendations
Update to the latest version of the GitOps Tools Extension for VSCode.
As a temporary workaround, consider using only trustworthy kubeconfigs to minimize the risk of exploitation.
Exploit
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Vscode