ericc-ch copilot-api Wildcard CORS Vulnerability Allowing Cross-Origin Token Theft
Vulnerability
A critical vulnerability exists in ericc-ch copilot-api versions through 0.7.0, specifically within the Token Endpoint's CORS configuration. The server's CORS policy is set to wildcard, allowing any domain to make cross-origin requests. This, combined with an open token endpoint that requires no authentication, creates a zero-click attack vector for stealing GitHub Copilot bearer tokens. The vulnerability can be exploited remotely, with the stolen tokens usable against the GitHub Copilot API.
Impact
Exploitation of this vulnerability gives an attacker the victim's Copilot bearer token, allowing them to use the victim's Copilot subscription: API abuse and token theft, with potential financial implications from Copilot quota consumption.
Reproduction
To reproduce this vulnerability, upload the provided proof-of-concept HTML file to a web server. Then, lure a victim to visit the page while they have copilot-api running locally. The exploit will automatically steal the Copilot token and usage data, demonstrating the API abuse by proxying chat completions through the Copilot API.
Remediation
To address this vulnerability, remove the unauthenticated token endpoint or require authentication. Additionally, restrict CORS to specific trusted origins and add bearer token authentication on all routes.
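The two server-side changes the remediation calls for, shown as an added example that is not copilot-api's own code: a minimal, dependency-free request handler with the wildcard configuration beside a restricted one. The route path `/token`, the configuration field names, the sample origins and the secret value are assumptions; copilot-api's actual framework and routing are not reproduced here.

```javascript
// Added example (not copilot-api's code). Models the token route so the effect of
// CORS scope and bearer authentication can be checked without a running server.

// Weak configuration: every origin is allowed and no credential is required.
const WEAK_CONFIG = { allowedOrigins: '*', requiredBearer: null };

// Hardened configuration: an explicit allow-list plus a bearer secret on every route.
// The secret is a constructed placeholder; generate a random one in practice.
const HARDENED_CONFIG = {
  allowedOrigins: ['http://localhost:3000', 'http://127.0.0.1:3000'],
  requiredBearer: 'REPLACE-WITH-A-RANDOM-SECRET',
};

// Compare two strings in time that does not depend on where they first differ.
// (In production prefer crypto.timingSafeEqual on equal-length buffers.)
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Value for Access-Control-Allow-Origin, or null when the origin is not allowed
// (the browser then refuses to hand the response body to the calling page).
function corsAllowOrigin(origin, allowedOrigins) {
  if (allowedOrigins === '*') return '*';          // the weak setting: reflect everyone
  if (!origin) return null;
  return allowedOrigins.includes(origin) ? origin : null;
}

// Bearer check; a null requiredBearer means the route is open (the weak setting).
function bearerAuthorized(authorizationHeader, requiredBearer) {
  if (requiredBearer === null) return true;
  if (!authorizationHeader || !authorizationHeader.startsWith('Bearer ')) return false;
  return constantTimeEqual(authorizationHeader.slice('Bearer '.length), requiredBearer);
}

// Minimal model of the token route. `req` is { method, path, headers }.
function handleTokenRequest(req, config) {
  const allowOrigin = corsAllowOrigin(req.headers['origin'], config.allowedOrigins);
  const headers = {};
  if (allowOrigin) {
    headers['Access-Control-Allow-Origin'] = allowOrigin;
    if (allowOrigin !== '*') headers['Vary'] = 'Origin'; // reflected value varies per origin
  }
  if (req.method === 'OPTIONS') {
    // Preflight: answered only for allowed origins and never carries the token.
    return { status: allowOrigin ? 204 : 403, headers, body: '' };
  }
  if (!bearerAuthorized(req.headers['authorization'], config.requiredBearer)) {
    return { status: 401, headers, body: 'unauthorized' };
  }
  if (req.path !== '/token') return { status: 404, headers, body: 'not found' };
  // Constructed placeholder; a real server would return the upstream Copilot token here.
  return { status: 200, headers, body: JSON.stringify({ token: 'COPILOT_TOKEN_PLACEHOLDER' }) };
}

// Constructed request: a page on an untrusted origin calling the local endpoint
// with no credential, which is the situation the advisory describes.
const UNTRUSTED_GET = {
  method: 'GET', path: '/token', headers: { origin: 'https://untrusted.example' },
};

// Constructed request from an allowed origin with the correct bearer secret.
const TRUSTED_GET = {
  method: 'GET', path: '/token',
  headers: { origin: 'http://localhost:3000', authorization: 'Bearer REPLACE-WITH-A-RANDOM-SECRET' },
};
```

Under `WEAK_CONFIG` the untrusted request gets a 200 with `Access-Control-Allow-Origin: *`, so the calling page can read the token. Under `HARDENED_CONFIG` the same request gets a 401 with no allow-origin header at all, and even a request that knows an allowed origin string still needs the bearer secret; the origin allow-list stops browser-based reads, while the bearer check is what protects the route from any client that can reach the port.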