Insufficiently protected credentials in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network.
What type of information could be disclosed by this vulnerability? This vulnerability could expose a sign-in access token for a user’s work account. If disclosed, that token could allow access to data and services that the user is authorized to use, potentially including sensitive organizational information. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have be enticed to open a malicious file in vscode. Users should never open anything that they do not know or trust to be safe.
Anonymous