Description
An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416
Scores
CVSS v3
8.8
EPSS
0.0586
EPSS Percentile
92.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (5)
microsoft/azure_storage_explorer
microsoft/typescript
microsoft/visual_studio_2017
15.0 - 15.9.25
microsoft/visual_studio_2019
16.0 - 16.0.16
microsoft/visual_studio_code
< 1.47.1
Published
Jul 14, 2020
Tracked Since
Feb 18, 2026