|
|
|
|
|
|
by InitialBP
251 days ago
|
|
|
I believe the CLI _does_ ask permission for each program trying to access it. The author's example includes a malicious vscode extension abusing the fact that he intentionally granted vscode permission to access the vault for one purpose and then a malicious extension leveraged that access to retrieve information through the op cli. |
|
|