PT-2025-44215 · Microsoft+1 · Vscode+1
Published: 2025-10-28 · Updated: 2025-10-29
CVE-2025-62794
CVSS v3.1: 3.8 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GitHub Workflow Updater versions prior to 0.0.7
Description
The GitHub Workflow Updater VS Code extension stored GitHub tokens in plaintext in the editor configuration, as JSON on disk, instead of using the secure storage API. An attacker with read access to a user's home directory could potentially read the token and use it to perform actions.
Recommendations
Update to version 0.0.7.
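A check for the condition described above, as an added example that is not part of the advisory or the extension's code: it scans VS Code user settings for values in GitHub token format and reports the setting that holds them, with the token redacted. The settings paths are the default locations of the stable VS Code build (an assumption), and the setting name and token in the sample are constructed.

```python
import re
from pathlib import Path

# GitHub token formats: ghp_/gho_/ghu_/ghs_/ghr_ tokens and fine-grained
# personal access tokens (github_pat_); lengths are matched loosely.
TOKEN_RE = re.compile(r"\b(gh[pousr]_|github_pat_)[A-Za-z0-9_]{36,}")
KEY_RE = re.compile(r'^\s*"([^"]+)"\s*:')  # a setting key opening a line

# Constructed sample: hypothetical setting name, fake token value.
SAMPLE = """{
  // user settings are JSONC, so comments like this one are legal
  "editor.fontSize": 14,
  "exampleExtension.githubToken": "%s",
}""" % ("ghp_" + "x" * 32 + "1234")


def settings_paths():
    """Assumption: default per-user settings paths of the stable VS Code build."""
    home = Path.home()
    return [
        home / ".config/Code/User/settings.json",                      # Linux
        home / "Library/Application Support/Code/User/settings.json",  # macOS
        home / "AppData/Roaming/Code/User/settings.json",              # Windows
    ]


def find_tokens(text):
    """Return (line_number, setting_key, redacted_token) per token found.

    The text is scanned line by line rather than parsed with json.loads,
    because JSONC comments and trailing commas would make strict parsing fail.
    """
    findings, last_key = [], None
    for lineno, line in enumerate(text.splitlines(), start=1):
        key = KEY_RE.match(line)
        if key:
            last_key = key.group(1)  # remembered for values on later lines
        for m in TOKEN_RE.finditer(line):
            # Report only the prefix and last four characters, never the token.
            findings.append((lineno, last_key, f"{m.group(1)}...{m.group(0)[-4:]}"))
    return findings


if __name__ == "__main__":
    print("sample:", find_tokens(SAMPLE))
    for path in settings_paths():
        if path.is_file():
            text = path.read_text(encoding="utf-8", errors="replace")
            for lineno, key, token in find_tokens(text):
                print(f"{path}:{lineno}: {key!r} holds {token}; revoke it")
```

A token reported here has been readable by anything with access to the file, so it should be revoked on GitHub and the setting removed.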
Weakness Enumeration
Insufficiently Protected Credentials
Affected Products
GitHub Workflow Updater
VS Code