CVE-2023-46944
Published: 28 November 2023
Summary
CVE-2023-46944 is a high-severity vulnerability in GitKraken GitLens; its weakness type is unspecified. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked in the top 12.7% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-51105
Vulnerability details
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code workspace trust component.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2023-46944 enables arbitrary code execution (T1203) via a crafted local Git configuration in a malicious repository opened in VS Code with GitLens, bypassing the Workspace Trust security boundary (T1211).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.