Salesforce MuleSoft Anypoint Code Builder Incorrect Permission Assignment Vulnerability

Vulnerability

A vulnerability allowing incorrect permission assignment for critical resources has been identified in Salesforce MuleSoft Anypoint Code Builder. This issue affects versions prior to 1.11.6 and allows manipulation of writable configuration files, which could lead to arbitrary command execution. When combined with prompt injection, this vulnerability could result in remote code execution, potentially granting full access to the victim's Salesforce organization.

Impact

Exploitation of this vulnerability could allow arbitrary command execution, and when combined with prompt injection, could lead to remote code execution, potentially granting full access to the victim's Salesforce organization.

Remediation

Users of Salesforce MuleSoft Anypoint Code Builder should update to version 1.11.6 or later. Those who have disabled automatic updates must manually check for and apply the update. Instructions for manually updating extensions are available in the Visual Studio Extension Auto-Update Section.
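
One way to verify the remediation above across workstations, as an added example that is not part of the advisory or of Salesforce's tooling: it parses the output of `code --list-extensions --show-versions` and flags copies of the extension older than 1.11.6. The extension ID is a placeholder, since the advisory does not give it, and the sample listing is constructed.

```python
import sys

FIXED = (1, 11, 6)  # first fixed release named in the advisory
# Placeholder: the advisory does not give the Marketplace extension ID.
EXTENSION_ID = "example-publisher.anypoint-code-builder"

# Constructed sample of `code --list-extensions --show-versions` output.
SAMPLE = """\
ms-python.python@2025.1.0
example-publisher.anypoint-code-builder@1.9.0
"""


def parse_version(text):
    """'1.11.6' -> (1, 11, 6). Numeric tuples avoid the string-compare
    trap in which '1.9.0' sorts after '1.11.6'. Any pre-release or
    build suffix ('-beta', '+meta') is ignored."""
    core = text.split("-", 1)[0].split("+", 1)[0]
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def audit(listing, extension_id=EXTENSION_ID, fixed=FIXED):
    """Return (version, status) for every listed copy of extension_id."""
    results = []
    for line in listing.splitlines():
        ident, sep, version = line.strip().rpartition("@")
        if not sep or ident.lower() != extension_id.lower():
            continue
        try:
            status = "vulnerable" if parse_version(version) < fixed else "patched"
        except ValueError:
            status = "unparseable"  # review by hand rather than assume safe
        results.append((version, status))
    return results


if __name__ == "__main__":
    # Pipe the real listing in; with no pipe, the constructed sample is used.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    findings = audit(data)
    for version, status in findings:
        print(f"{EXTENSION_ID} {version}: {status}")
    sys.exit(0 if all(s == "patched" for _, s in findings) else 1)
```

The script exits non-zero when any listed copy is vulnerable or has a version string it cannot parse, so it can gate a fleet compliance check.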

Added: Nov 4, 2025, 7:29 PM
Updated: Nov 4, 2025, 10:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 5.2
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.