CNNVD-202506-3578 Information

CNNVD ID

CNNVD-202506-3578

Related CVE

CVE-2025-6705

• CNNVD Published: 2025-06-27

Description (Chinese)

Eclipse Open VSX是Eclipse开源的一个代码扩展的开源注册表。 Eclipse Open VSX存在安全漏洞，该漏洞源于CI作业缺少沙箱限制，可能导致服务账户接管。

Description (English)

Eclipse Open VSX is an open source registration form for an extended code from Eclipse Open Source. There is a security loophole in Eclipse Open VSX, which stems from the lack of sandbox restrictions in CI operations, which may lead to the taking over of service accounts.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Eclipse

Published

2025-06-27

Last Modified

2026-02-24

References

https://open-vsx.org https://github.com/EclipseFdn/publish-extensions/pull/881 https://access.redhat.com/security/cve/cve-2025-6705

Patch

https://open-vsx.org/