git: e82648cefbcc - main - security/vuxml: document vscode information disclosure vulnerability

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Hiroki Tagato <tagattie_at_FreeBSD.org>
Date: Tue, 13 Jun 2023 22:08:24 UTC

The branch main has been updated by tagattie:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e82648cefbcc56d8b3230f8fe4320bd21cc5dd9d

commit e82648cefbcc56d8b3230f8fe4320bd21cc5dd9d
Author:     Hiroki Tagato <tagattie@FreeBSD.org>
AuthorDate: 2023-06-13 22:07:00 +0000
Commit:     Hiroki Tagato <tagattie@FreeBSD.org>
CommitDate: 2023-06-13 22:07:00 +0000

    security/vuxml: document vscode information disclosure vulnerability
    
    Obtained from:  https://github.com/microsoft/vscode/security/advisories/GHSA-j5wm-6crw-xvmr
---
 security/vuxml/vuln/2023.xml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 9ae82777c37b..ae6c99f607b8 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,30 @@
+  <vuln vid="f0250129-fdb8-41ed-aa9e-661ff5026845">
+    <topic>vscode -- VS Code Information Disclosure Vulnerability</topic>
+    <affects>
+      <package>
+	<name>vscode</name>
+	<range><lt>1.79.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>VSCode developers reports:</p>
+	<blockquote cite="https://github.com/microsoft/vscode/security/advisories/GHSA-j5wm-6crw-xvmr">
+	  <p>VS Code Information Disclosure Vulnerability</p>
+	  <p>A information disclosure vulnerability exists in VS Code 1.79.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of such paths. An authorised attacker must send the user a malicious file and convince the user to open it for the vulnerability to occur. Exploiting this vulnerability could allow the disclosure of NTLM hashes.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2023-33144</cvename>
+      <url>https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33144</url>
+    </references>
+    <dates>
+      <discovery>2023-06-13</discovery>
+      <entry>2023-06-13</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="1567be8c-0a15-11ee-8290-a8a1599412c6">
     <topic>chromium -- multiple vulnerabilities</topic>
     <affects>