An elevation of privilege vulnerability exists in VS Code v1.71.0 and earlier versions where, on a shared Windows machine, a low-privileged attacker can create a bash.exe executable in a location where terminal profiles are detected. The planted profile is then exposed in the terminal profiles list and can easily be run by the vulnerable user. The paths in question were:

C:\Cygwin64\bin\bash.exe
C:\Cygwin\bin\bash.exe
C:\ProgramData\scoop\apps\git-with-openssh\current\bin\bash.exe

Patches
The fix is available starting with VS Code 1.71.1. The fix (0b356bf) mitigates this attack by removing those paths completely from the terminal profile detection feature.

Workarounds
Avoid running terminal profiles that are not expected to be installed on the machine. An administrator may be able to lock down the folders in question.
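To help an administrator act on the workaround above, the following PowerShell audit (added here; it is not part of the advisory or of VS Code) reports, for each of the three probed paths, whether a bash.exe is present, who owns it, and whether standard-user principals hold file or folder creation rights on the nearest existing parent directory. The principal names and the rights mask are assumptions based on default Windows ACLs; adjust them for your environment.

```powershell
# Added audit script, not part of the advisory or of VS Code.
# The three locations VS Code <= 1.71.0 probed for a bash.exe terminal profile.
$ProfilePaths = @(
    'C:\Cygwin64\bin\bash.exe',
    'C:\Cygwin\bin\bash.exe',
    'C:\ProgramData\scoop\apps\git-with-openssh\current\bin\bash.exe'
)

# Principals that every standard (non-admin) user on the machine belongs to (assumption).
$LowPrivPrincipals = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')

# Rights that allow creating a file or a sub-folder in a directory.
# CreateDirectories (AppendData) matters because creating C:\Cygwin64 is the first step
# when the folder does not exist yet.
$WriteMask = [System.Security.AccessControl.FileSystemRights] 'CreateFiles, CreateDirectories, Write, Modify, FullControl'

foreach ($path in $ProfilePaths) {
    # Walk up until a directory actually exists: that is the directory a local user
    # would need create rights on in order to plant the missing part of the path.
    $dir = Split-Path -Parent $path
    while ($dir -and -not (Test-Path -LiteralPath $dir -PathType Container)) {
        $dir = Split-Path -Parent $dir
    }

    # Allow ACEs granting creation rights to a low-privilege principal.
    $risky = (Get-Acl -LiteralPath $dir).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -in $LowPrivPrincipals -and
        (($_.FileSystemRights -band $WriteMask) -ne 0)
    }

    $exists = Test-Path -LiteralPath $path -PathType Leaf
    [pscustomobject]@{
        ProfilePath      = $path
        Exists           = $exists
        Owner            = if ($exists) { (Get-Acl -LiteralPath $path).Owner } else { $null }
        NearestExistDir  = $dir
        LowPrivCanCreate = [bool]$risky
        GrantedTo        = ($risky | ForEach-Object { $_.IdentityReference.Value } | Select-Object -Unique) -join ', '
    }
}
```

A row with Exists = True and an Owner that is not an administrative account, or LowPrivCanCreate = True on a machine still running a version before 1.71.1, is the condition worth investigating and locking down.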