Legit Security revealed a vulnerability in GitHub Copilot Chat that could leak sensitive data and allow full control over responses, by exploiting a Content Security Policy bypass and prompt injection. This flaw enabled the theft of AWS keys and zero-day bugs from private repositories, with GitHub addressing the issue by implementing restrictions on Camo URL usage. #GitHubCopilot #ContentSecurityPolicy
Keypoints
- The vulnerability involves a CSP bypass combined with remote prompt injection in GitHub Copilot Chat.
- Attackers could exfiltrate private repository content, including AWS keys and zero-day bugs.
- Hidden comments in the chat could influence Copilot’s suggestions, including malicious code.
- Researchers used a Camo URL dictionary and a web server to bypass protections for data exfiltration.
- GitHub responded by disabling the use of Camo URLs for sensitive information leakage.
Read More: https://www.securityweek.com/github-copilot-chat-flaw-leaked-data-from-private-repositories/