Impact
GitHub Copilot 1.372.0 contains a flaw that permits the fetch_webpage tool to read files outside the designated workspace using a file-handler URI parameter. This bypasses user approval and could enable an attacker to exfiltrate sensitive files if indirect prompt injection is achieved. The weakness is characterized by file or directory traversal (CWE‑552).
Affected Systems
The vulnerability affects the GitHub Copilot extension, specifically version 1.372.0. The product is distributed by GitHub (Microsoft).
Risk and Exploitability
The CVSS score of 7.5 indicates a high impact for the flaw that allows read access to files outside the workspace without user approval. The impact remains significant due to potential data exfiltration if indirect prompt injection is achieved. The exploit requires that an attacker can influence the Copilot input – for example through an indirect prompt injection scenario. With no EPSS data and no listing in CISA KEV, the current exploitation risk is uncertain but the potential consequences warrant prompt action.
OpenCVE Enrichment