
ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure


A researcher has disclosed the details of a recently patched ChatGPT vulnerability that may have exposed some of the AI chatbot’s underlying cloud infrastructure.

Jacob Krut, a bug bounty hunter and security engineer at Open Security, discovered the vulnerability while working on creating a custom GPT, a personalized version of ChatGPT tailored to a specific purpose or area of expertise.

The researcher found the weakness in the ‘Actions’ section, where users define how the custom GPT can interact with external services via APIs. The feature relied on user-provided URLs that were not properly validated, allowing an attacker to conduct a server-side request forgery (SSRF) attack.

SSRF vulnerabilities can be exploited using specially crafted URLs to make unauthorized requests to internal network resources that the attacker would normally not be able to access.
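The kind of validation a service can apply before fetching a user-provided API URL, shown as an added example that is not from the article and is not OpenAI's actual fix. The function names, host names and addresses are hypothetical, constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def system_resolver(host, port):
    """Return every address the system resolver gives for host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def is_public(addr):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped:         # ::ffff:10.0.0.5 -> 10.0.0.5
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast

def check_action_url(url, resolver=system_resolver):
    """Validate a user-supplied URL; return (host, port, pinned_ip) or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("only https URLs are accepted")
    if parts.username or parts.password or not parts.hostname:
        raise ValueError("URL must have a host and no embedded credentials")
    host, port = parts.hostname, parts.port or 443
    try:
        addrs = [str(ipaddress.ip_address(host))]   # host is an IP literal
    except ValueError:
        addrs = list(resolver(host, port))          # host is a DNS name
    # Judge the resolved addresses, not the hostname string, and reject the
    # URL if any one of them is loopback, private, link-local or reserved.
    blocked = [a for a in addrs if not is_public(a)]
    if not addrs or blocked:
        raise ValueError(f"{host} resolves to non-public address(es): {blocked}")
    # The caller must connect to this exact IP (no second lookup) and run
    # every redirect target through this function again.
    return host, port, addrs[0]

# Constructed sample data: hypothetical names mapped to sample addresses.
SAMPLE_DNS = {
    "api.example.test": ["93.184.216.34"],
    "intranet.example.test": ["10.0.0.5"],
    "mixed.example.test": ["93.184.216.34", "127.0.0.1"],
}

if __name__ == "__main__":
    for u in ("https://api.example.test/v1", "https://intranet.example.test/",
              "https://mixed.example.test/", "https://169.254.0.10/", "http://api.example.test/"):
        try:
            print(u, "->", check_action_url(u, lambda h, p: SAMPLE_DNS[h]))
        except ValueError as err:
            print(u, "-> rejected:", err)
```

Address filtering of this kind works best alongside network-level egress controls, so that a missed case in the validator does not by itself expose internal services.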

In the case of ChatGPT, Krut was able to exploit the vulnerability to query a local endpoint ...


Copyright of this story solely belongs to securityweek.