2025-10-10

SecurityWeek reports that GitHub Copilot Chat, an artificial intelligence chatbot meant to give code suggestions and explanations, has been impacted by a serious security issue that could be exploited to expose data and hijack Copilot's responses.

Beyond leaking Amazon Web Services keys and zero-day flaws, attacks leveraging the remote prompt injection flaw, combined with Content Security Policy evasion, could push illicit code suggestions to other users, according to Legit Security researcher Omer Mayraz. Other prompts could read private repository content, encode it, and append it to a URL.

"Then, when the user clicks the URL, the data is exfiltrated back to us," said Mayraz.

While GitHub was noted to have a stringent CSP that blocks image and content retrieval from non-GitHub-owned domains, that protection could be bypassed by building a dictionary that mapped every letter and symbol of the alphabet to an equivalent Camo URL. GitHub has since blocked the use of Camo for exposing sensitive data, addressing the issue.