CVE-2020-1343

Published: Jun 9, 2020Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

An information disclosure vulnerability exists in Visual Studio Code Live Share Extension when it exposes tokens in plain text, aka 'Visual Studio Code Live Share Information Disclosure Vulnerability'.

Affected (1)

Products: Microsoft: Visual Studio Live Share

Microsoft

1 product

Visual Studio Live Share

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Visual Studio Live Share	All versions

Related CWEs

CWE-319

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1343

Source: secure@microsoft.com

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1343

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.