CVE Vulnerabilities

CVE-2021-34477

Improper Privilege Management

Published: Jul 14, 2021 | Modified: Dec 28, 2023
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
.net_education_bundle_sdk_install_tool Microsoft 0.6.0 (including) 0.7.0 (excluding)
.net_install_tool_for_extension_authors Microsoft 1.1.0 (including) 1.2.0 (excluding)

Potential Mitigations

References