SecurityWeek reports that OpenAI's ChatGPT artificial intelligence chatbot was discovered to potentially have leaked its cloud infrastructure due to a recently fixed security server-side request forgery vulnerability.Attackers could leverage the SSRF flaw, which was identified within the chatbot's Actions section, to send queries to a local endpoint related to the Azure Instance Metadata Service and secure the IMDS identity's access token to eventually infiltrate OpenAI's Azure cloud infrastructure, according to Open Security security engineer Jacob Krut, who found and reported the issue. OpenAI has immediately addressed the high-severity vulnerability upon Krut's disclosure. Whether Krut was rewarded for the flaw remains unclear."This SSRF in ChatGPT's Custom GPT Actions is a textbook example of how small validation gaps at the framework layer can cascade into cloud-level exposure and highlights the severity of this often-overlooked attack vector," said Black Duck Senior R&D Manager Christopher Jess.
AI/ML, Cloud Security, Vulnerability Management
ChatGPT cloud infrastructure threatened by newly patched bug

(Adobe Stock)
An In-Depth Guide to AI
Get essential knowledge and practical strategies to use AI to better your security program.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



