A researcher has disclosed the small print of a lately patched ChatGPT vulnerability which will have uncovered a number of the AI chatbot’s underlying cloud infrastructure.
Jacob Krut, a bug bounty hunter and safety engineer at Open Safety, found the vulnerability whereas engaged on making a customized GPT —a customized model of ChatGPT tailor-made to a particular function or space of experience.
The researcher discovered the weak spot within the ‘Actions’ part, the place customers outline how the customized GPT can work together with exterior providers through APIs. The characteristic relied on user-provided URLs that weren’t correctly validated, permitting an attacker to conduct a server-side request forgery (SSRF) assault.
SSRF vulnerabilities may be exploited utilizing specifically crafted URLs to make unauthorized requests to inner community sources that the attacker would usually not have the ability to entry.
Within the case of ChatGPT, Krut was in a position to exploit the vulnerability to question a neighborhood endpoint related to the Azure Occasion Metadata Service (IMDS), an Azure cloud platform element used for utility configuration and administration.
The IMDS id authenticates the service to different sources. By acquiring the ChatGPT Azure IMDS id’s entry token, the researcher may have gained entry to the underlying Azure cloud infrastructure utilized by OpenAI.
The vulnerability was reported to OpenAI via its bug bounty program on the BugCrowd platform. The researcher mentioned the seller assigned it a ‘excessive severity’ score and shortly patched it.
It’s unclear if a bug bounty has been paid out for the safety gap. In Could, OpenAI began providing as much as $100,000 for vital vulnerabilities, however the common payout previously three months has been lower than $800, and the very best publicly listed reward since Could was $5,000.Commercial. Scroll to proceed studying.
“This SSRF in ChatGPT’s Customized GPT Actions is a textbook instance of how small validation gaps on the framework layer can cascade into cloud-level publicity and highlights the severity of this often-overlooked assault vector,” mentioned Christopher Jess, senior R&D supervisor at utility safety agency Black Duck.
“SSRF has been within the OWASP High 10 since 2021 due to exactly this potential blast radius: a single server-side request can pivot into inner providers, metadata endpoints, and privileged cloud identities,” Jess added.
Associated: ChatGPT Focused in Server-Facet Information Theft Assault
Associated: Researchers Hack ChatGPT Reminiscences and Internet Search Options
Associated: AI Sidebar Spoofing Places ChatGPT Atlas, Perplexity Comet and Different Browsers at Threat
Associated: ChatGPT Tricked Into Fixing CAPTCHAs
