{"containers": {"cna": {"affected": [{"product": "Microsoft Visual Studio 2019 version 16.5", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "unspecified"}]}, {"product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "unspecified"}]}, {"product": "Microsoft Visual Studio 2019", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "16.0"}]}, {"product": "Microsoft Visual Studio", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "2015 Update 3"}]}, {"product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "unspecified"}]}], "descriptions": [{"lang": "en", "value": "An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'."}], "problemTypes": [{"descriptions": [{"description": "Elevation of Privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-15T15:12:44.000Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-0900", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Microsoft Visual Studio 2019 version 16.5", "version": {"version_data": [{"version_value": ""}]}}, {"product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", "version": {"version_data": [{"version_value": ""}]}}, {"product_name": "Microsoft Visual Studio 2019", "version": {"version_data": [{"version_value": "16.0"}]}}, {"product_name": "Microsoft Visual Studio", "version": {"version_data": [{"version_value": "2015 Update 3"}]}}, {"product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", "version": {"version_data": [{"version_value": ""}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Elevation of Privilege"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:18:03.628Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-0900", "datePublished": "2020-04-15T15:12:44.000Z", "dateReserved": "2019-11-04T00:00:00.000Z", "dateUpdated": "2024-08-04T06:18:03.628Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:visual_studio_2015:update_3:*:*:*:*:*:*:*", "matchCriteriaId": "8C58C82C-6F98-47B2-8801-8D04D4C5CF7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*", "matchCriteriaId": "6290EF90-AB91-4990-8D44-4F64F49AE133", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "3886D126-9ADC-4AAF-8169-70F3DE3A7773", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.4:*:*:*:*:*:*:*", "matchCriteriaId": "E904F8BF-C415-43BC-89BD-8AD912BEA82A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CCC238C-4305-433B-BC0F-8C537C4A963C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'."}, {"lang": "es", "value": "Hay una vulnerabilidad de elevaci\u00f3n de privilegios cuando el Visual Studio Extension Installer Service maneja inapropiadamente operaciones de archivos, tambi\u00e9n se conoce como \"Visual Studio Extension Installer Service Elevation of Privilege Vulnerability\"."}], "id": "CVE-2020-0900", "lastModified": "2024-11-21T04:54:25.643", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-15T15:15:14.557", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}