Visual Studio Code Exposure Scanner

This scanner detects exposed Visual Studio Code SFTP extension configuration files (the VSCode SFTP File Disclosure vulnerability) in digital assets.

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 26 days 12 hours
Scan only one: URL
Toolbox: -

Visual Studio Code, commonly referred to as VSCode, is a popular open-source code editor developed by Microsoft and used by developers worldwide for building and debugging modern web and cloud applications. Its functionality is extended by extensions such as the SFTP extension, which lets developers upload files to remote servers over SFTP or FTP directly from the editor. The extension stores its connection settings in a configuration file inside the workspace, by default `.vscode/sftp.json`, and that file holds the server host, username and either a password or the path to a private key. Because the workspace is often the same directory that gets deployed, a configuration file that is accidentally copied to a public web root becomes readable by anyone. Keeping such files out of deployed content is essential to the integrity of the development pipeline.

The VSCode SFTP File Disclosure vulnerability is the exposure of a file containing SFTP/SSH server details and credentials to unauthorized users. It is not a flaw in the editor itself; it arises when the workspace, including `sftp.json`, is deployed or synchronized to a publicly accessible directory, or when the web server does not deny access to dot-directories such as `.vscode/`. Once the file is reachable over HTTP, everything needed to open an SFTP session is leaked: server address, port, username, and a password or private key path. Attackers can use these details to log in to the server directly, and the risk is highest when the disclosed profile points at a production environment.

Technically, the check looks for the configuration file at a few well-known locations. The vulnerable endpoints are URLs ending in `/sftp.json`, `/.config/sftp.json`, or `/.vscode/sftp.json`. The scanner sends an HTTP GET request to each path and treats the target as exposed when the response has status code 200 and the body is JSON containing the keys `"name"`, `"host"`, and `"protocol"`. Requiring these keys rather than just a 200 response avoids false positives from servers that return 200 with an HTML page for every path. Note that the extension accepts either a single profile object or an array of profile objects, so a matcher should handle both shapes. A positive match means the configuration, including any credentials it carries, is readable by anyone who can reach the site.
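The check described above, written out as an added example (this is not the scanner's own code): a matcher that applies the 200-plus-required-keys rule to a response body, handles both the single-object and array forms of `sftp.json`, reports which secret-bearing fields are present without echoing their values, and a probe that walks the three candidate paths. The sample bodies are constructed, not captured from any real host, and the request headers and timeout are assumptions.

```python
"""
Added example (not the scanner's own code): probe for exposed VSCode
SFTP extension config files and decide whether a response body is a
real sftp.json rather than a soft-404 page that returns 200 for everything.
"""
import json
import urllib.error
import urllib.request
from urllib.parse import urljoin

# Paths the page lists as typical locations of the exposed file.
CANDIDATE_PATHS = ("/sftp.json", "/.config/sftp.json", "/.vscode/sftp.json")

# Keys the check requires in the JSON body.
REQUIRED_KEYS = ("name", "host", "protocol")

# Config fields of the extension that carry secrets.
SECRET_KEYS = ("password", "passphrase", "privateKeyPath")


def parse_sftp_config(body: str) -> list:
    """Return the list of profile dicts in an sftp.json body, or [] when the
    body is not JSON or has the wrong shape. The extension accepts either a
    single profile object or an array of profile objects."""
    try:
        data = json.loads(body)
    except ValueError:
        return []
    if isinstance(data, dict):
        return [data]
    if isinstance(data, list):
        return [p for p in data if isinstance(p, dict)]
    return []


def matches(body: str, status: int = 200) -> bool:
    """The match rule: HTTP 200 and at least one profile carrying every
    required key. Checking the keys filters servers that answer 200 with an
    HTML page for any path."""
    if status != 200:
        return False
    return any(all(k in p for k in REQUIRED_KEYS) for p in parse_sftp_config(body))


def summarize(body: str) -> list:
    """Describe what was exposed without printing secret values: per profile
    the host, port, username and which secret-bearing fields are set."""
    out = []
    for p in parse_sftp_config(body):
        out.append({
            "name": p.get("name"),
            "host": p.get("host"),
            "port": p.get("port", 22),  # the extension defaults to port 22
            "username": p.get("username"),
            "secrets_present": [k for k in SECRET_KEYS if p.get(k)],
        })
    return out


def probe(base_url: str, timeout: float = 5.0):
    """GET each candidate path and return (url, summary) for the first match,
    or None. Only this function needs network access; the functions above run
    offline. The User-Agent value is an arbitrary choice."""
    for path in CANDIDATE_PATHS:
        url = urljoin(base_url, path)
        req = urllib.request.Request(url, headers={"User-Agent": "sftp-json-check"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                status = resp.status
                body = resp.read().decode("utf-8", errors="replace")
        except urllib.error.HTTPError as e:
            status, body = e.code, ""
        except (urllib.error.URLError, OSError):
            continue
        if matches(body, status):
            return url, summarize(body)
    return None


# Constructed sample bodies (not captured from any real host).
SAMPLE_SINGLE = ('{"name": "prod", "host": "203.0.113.10", "protocol": "sftp", '
                 '"port": 22, "username": "deploy", "password": "s3cret", '
                 '"remotePath": "/var/www"}')
SAMPLE_ARRAY = ('[{"name": "staging", "host": "staging.example.net", '
                '"protocol": "ftp", "username": "web", '
                '"privateKeyPath": "~/.ssh/id_rsa"}]')
SAMPLE_SOFT404 = "<html><body>Not found</body></html>"

if __name__ == "__main__":
    for label, body in (("single", SAMPLE_SINGLE), ("array", SAMPLE_ARRAY),
                        ("soft404", SAMPLE_SOFT404)):
        print(label, matches(body), summarize(body))
    # probe("https://target.example/") would run the live check.
```

`summarize` deliberately reports only which secret fields are present, so a finding can be logged or ticketed without copying the credential into the report; the raw body is still available to whoever needs to rotate the key.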

When exploited, the effects of the VSCode SFTP File Disclosure vulnerability can be severe. An attacker who reads the configuration file can use the disclosed credentials to open an SFTP or SSH session to the associated server, which allows unauthorized file transfers, modification of the deployed site, theft of source code and other intellectual property, and, if the account has broader privileges, full host compromise. The compromised server can then serve as a pivot point for attacks against other systems on the same network. Because the file itself cannot be unpublished once it has been fetched, remediation means rotating the disclosed password or key, excluding `.vscode/` and similar editor directories from deployment artifacts, and denying web access to dot-directories.
