GitHub Copilot Unauthorized Filesystem Access via URI Handler

GitHub Copilot version 1.372.0 contains a critical path traversal vulnerability in its `fetch_webpage` function that allows attackers to read files outside the intended workspace directory without explicit user approval. By manipulating file-handler URI parameters, threat actors can access sensitive files on a developer's system—credentials, source code, configuration files, or other protected data. This vulnerability is particularly dangerous because it can be triggered through indirect prompt injection attacks, where malicious instructions embedded in code or documentation prompt Copilot to fetch unauthorized resources. Developers using affected versions face immediate risk of credential compromise and intellectual property theft, making this a high-priority patch for any organization relying on GitHub Copilot for development workflows.

While this CVE lacks explicit MITRE ATT&CK mapping, Casky's AI-driven analysis would identify attack patterns consistent with T1005 (Data from Local System), T1213 (Data from Information Repositories), and T1552 (Unsecured Credentials). Practitioners using Casky would see findings highlighting unsafe file access patterns, detection of URI manipulation attempts in Copilot logs, and behavioral anomalies indicating filesystem enumeration beyond workspace boundaries. Claude's extended reasoning capability would correlate indirect prompt injection patterns with subsequent unauthorized file reads, helping security teams distinguish legitimate Copilot operations from exploitation attempts. Practitioners would also receive contextual alerts about credential exposure risks and recommendations for network segmentation to limit lateral movement from compromised developer environments.