9.3

CVE-2020-1416

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftTypescript Version-
MicrosoftVisual Studio 2017 Version >= 15.0 < 15.9.25
MicrosoftVisual Studio 2019 Version >= 16.0 < 16.0.16
MicrosoftVisual Studio 2019 Version >= 16.1 < 16.4.11
MicrosoftVisual Studio 2019 Version >= 16.5 < 16.6.4
MicrosoftVisual Studio Code Version < 1.47.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 10.48% 0.929
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.