Описание
GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.
FAQ
What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could bypass Visual Studio Code sensitive file protections.
According to the CVSS metric, the attack vector is local (AV:L), privileges are required (PR:L) and user interaction is required (UI:R). How could an attacker exploit this security feature bypass vulnerability?
The attack itself is carried out locally by a user with authentication to the targeted repo. An authenticated attacker could place a malicious file in the targeted repo and then wait for the user to prompt Copilot to review the file.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
5 Medium
CVSS3
Связанные уязвимости
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.
Improper validation of generative ai output in GitHub Copilot and Visual Studio Code allows an authorized attacker to bypass a security feature locally.
Уязвимость редактора исходного кода Microsoft Visual Studio Code, связанная с нарушением механизма защиты данных, позволяющая нарушителю обойти существующие ограничения безопасности
EPSS
5 Medium
CVSS3