The GitOps Tools Extension for VSCode relies on kubeconfigs in order to communicate with Kubernetes clusters. A specially crafted kubeconfig leads to arbitrary code execution on behalf of the user running VSCode. Users relying on kubeconfigs that are generated or altered by other processes or users are affected by this issue. Please note that the vulnerability is specific to this extension, and the same kubeconfig would not result in arbitrary code execution when used with kubectl. Using only trust-worthy kubeconfigs is a safe mitigation. However, updating to the latest version of the extension is still highly recommended.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-08-18T18:50:08
Updated: 2024-08-03T09:51:59.661Z
Reserved: 2022-07-15T00:00:00
Link: CVE-2022-35976
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-08-18T19:15:14.593
Modified: 2024-11-21T07:12:05.630
Link: CVE-2022-35976
Redhat
No data.