Full Report
New research has uncovered that publishers of over 100 Visual Studio Code (VS Code) extensions leaked access tokens that could be exploited by bad actors to update the extensions, posing a critical software supply chain risk. "A leaked VSCode Marketplace or Open VSX PAT [personal access token] allows an attacker to directly distribute a malicious extension update across the entire install base,"
Analysis Summary
# Vulnerability: Leaked Access Tokens in VS Code Extensions Exposing Supply Chain
## CVE Details
- CVE ID: None given in the source report. This summary covers a widespread configuration and supply chain finding, not a specific patched CVE.
- CVSS Score: Not calculated, but the risk is implied to be High due to supply chain impact.
- CWE: CWE-312 (Cleartext Exposure of Sensitive Information) or CWE-798 (Use of Hard-coded Credentials) are likely relevant.
## Affected Systems
- Products: Visual Studio Code (VS Code) Extensions, distributed via VS Code Marketplace and Open VSX.
- Versions: All extensions where publishers hard-coded Personal Access Tokens (PATs) or Access Tokens into the extension files (.vsix). Specifically mentioned are **over 100 extensions** leaking VS Code Marketplace PATs (totaling >85,000 installs) and **30 extensions** leaking Open VSX Access Tokens (>100,000 cumulative installs).
- Configurations: Published extension packages that, when unzipped and inspected, revealed hard-coded secrets.
## Vulnerability Description
Over 100 published VS Code extensions accidentally included hard-coded secrets, such as Personal Access Tokens (PATs) for the VS Code Marketplace or Access Tokens for Open VSX. Because VS Code extensions (.vsix files) can be unzipped and inspected, these secrets were exposed to anyone who downloaded the package. A threat actor who obtains one of these tokens can directly update the associated extension and distribute **malicious updates (malware)** to that extension's entire install base. The leaked material also included over 550 validated secrets of various types, including credentials for AWS, Google Cloud, MongoDB, OpenAI, and others.
## Exploitation
- Status: **PoC available** (the researcher confirmed the ability to inspect and exploit the leaked tokens). The article implies widespread *potential* for exploitation; active exploitation is not explicitly confirmed, but the capability exists.
- Complexity: **Low** for an attacker possessing the leaked token, as they can immediately publish malicious updates.
- Attack Vector: **Network** (Via the Marketplace update mechanism).
## Impact
- Confidentiality: **High** (The tokens grant access to various services, including AI providers, cloud infrastructure, and databases).
- Integrity: **Critical** (An attacker can compromise the integrity of the software update pipeline, injecting malware/backdoors into trusted tooling used by developers).
- Availability: **High** (Potential for service disruption if cloud resources are compromised or extensions are disabled).
## Remediation
### Patches
- Microsoft has **revoked the publicly leaked PATs** following responsible disclosure (late March/April 2025).
- Microsoft is **adding secret scanning capabilities** to the VS Code Marketplace to block extensions containing verified secrets and notify developers.
### Workarounds
- **Limit the number of installed extensions.**
- **Scrutinize extensions** before downloading and installing.
- **Weigh the pros and cons of enabling auto-updates** (giving manual control over when updates from potentially compromised sources are installed).
- **Organizations should develop an extension inventory** to respond faster to malicious reports.
- **Consider implementing a centralized allowlist** for extensions allowed within the organization.
## Detection
- For previously compromised extensions, detection has been (or will be) handled by Microsoft revoking the tokens.
- **Detection methods** should focus on scanning extension source code or build artifacts for embedded PATs or cloud service credentials **before publication**.
- Indicators of Compromise (IOCs) would involve monitoring for unexpected updates to installed extensions, though exploitation relies on malicious update distribution, which is hard to detect client-side without integrity checks.
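
A pre-publication check of the kind described above, as an added example (not code from Microsoft, Wiz, or either marketplace). It opens a built `.vsix` as the zip archive it is and reports where secrets appear without echoing them. The rule set, the risky-file list, and the sample package are assumptions constructed for illustration; `VSCE_PAT` and `OVSX_PAT` are the environment variables the `vsce` and `ovsx` publishing CLIs read.

```python
import io
import re
import zipfile

# Illustrative rules chosen for this example; not the Marketplace's own scanner rules.
RULES = {
    # AWS access key IDs: documented AKIA/ASIA prefix + 16 characters.
    "aws-access-key-id": re.compile(rb"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # VSCE_PAT and OVSX_PAT are the variables the vsce and ovsx publish CLIs read.
    "publisher-token-assignment": re.compile(
        rb"\b(?:VSCE_PAT|OVSX_PAT)\b\s*[:=]\s*[\"']?[A-Za-z0-9_\-]{20,}"),
}
# Files that rarely belong in a published package (assumed list).
RISKY_NAMES = re.compile(r"(^|/)(\.env(\..*)?|\.npmrc|[^/]*\.pem)$")

def build_vsix(files):
    """Build an in-memory .vsix (a zip archive) from {member_name: text}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in files.items():
            zf.writestr(name, text)
    return buf.getvalue()

def scan_vsix(data, max_size=5_000_000):
    """Return sorted (member, rule, line) findings; secret values are never echoed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if RISKY_NAMES.search(info.filename):
                findings.append((info.filename, "risky-file-packaged", 0))
            if info.file_size > max_size:
                continue  # skip very large members (e.g. bundled binaries)
            blob = zf.read(info)
            for rule, rx in RULES.items():
                for m in rx.finditer(blob):
                    line = blob.count(b"\n", 0, m.start()) + 1
                    findings.append((info.filename, rule, line))
    return sorted(findings)

# Constructed sample package with placeholder values, not real credentials.
SAMPLE = {
    "extension/package.json": '{"name": "demo", "version": "0.0.1"}\n',
    "extension/.env": "# local publish settings\nVSCE_PAT=" + "x" * 52 + "\n",
    "extension/out/config.js": 'const region = "us-east-1";\nconst key = "AKIAIOSFODNN7EXAMPLE";\n',
}

if __name__ == "__main__":
    for member, rule, line in scan_vsix(build_vsix(SAMPLE)):
        print(f"{member}:{line}: {rule}")
```

In a build pipeline, run `scan_vsix` on the bytes of the packaged `.vsix` and fail the publish step when the returned list is non-empty.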
## References
- Vendor Advisory (Microsoft): developer dot microsoft dot com/blog/security-and-trust-in-visual-studio-marketplace
- Secret Scanning Requirement: github dot com/microsoft/vsmarketplace/discussions/1442
- Research Report (Wiz): wiz dot io/blog/supply-chain-risk-in-vscode-extension-marketplaces