Improper limitation of a pathname to a restricted directory ('path traversal') in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally.
What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Visual Studio Code sensitive file protections. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), and integrity (I:H), and some loss of availability (A:L). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could view sensitive information (Confidentiality) and modify code in the repo, (Integrity), and they might be able to interfere with availability of the code (Availability).
<a href="https://twitter.com/philiptsukerman">Philip Tsukerman</a> with <a href="https://cyberark.com/">Cyberark</a>