An elevation of privilege vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project.

To exploit this vulnerability, an attacker would first have to have access to the project and swap the short-term token for a long-term one.

The update addresses the vulnerability by correcting how the Visual Studio updater handles these tokens.



Source link