ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure

A security researcher uncovered a critical SSRF vulnerability in ChatGPT’s custom GPT actions, which could have led to cloud infrastructure exposure. The flaw was promptly patched by OpenAI after being reported through their bug bounty program.

Key points

  • The vulnerability was found in ChatGPT’s ‘Actions’ feature where user-defined URLs were not properly validated.
  • Exploitation could allow attackers to query internal endpoints like Azure’s Instance Metadata Service (IMDS).
  • Gaining access to the IMDS could have compromised the underlying Azure cloud infrastructure used by OpenAI.
  • The flaw was classified as ‘high severity’ and was quickly patched by OpenAI after disclosure.
  • The incident highlights the importance of thorough input validation to prevent SSRF attacks in cloud-based AI platforms.
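
An added example, not from the article or from OpenAI: one way to apply the input validation named in the last key point to a user-defined action URL before a server fetches it. The function names, the resolver hook and the sample hosts are assumptions made for illustration; 169.254.169.254 is the link-local address on which Azure serves IMDS.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

class BlockedURL(ValueError):
    """A user-supplied URL that must not be fetched server-side."""

def system_resolver(host, port):
    # Real DNS lookup, used by default outside of tests.
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

# Constructed DNS answers so the example runs offline (hypothetical hosts).
SAMPLE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "metadata.example.net": ["169.254.169.254"],  # public name, IMDS address
    "mixed.example.org": ["93.184.216.34", "10.0.0.5"],
}

def sample_resolver(host, port):
    return SAMPLE_DNS.get(host, [])

def check_action_url(url, resolver=system_resolver):
    """Return (host, port, ip) that may be connected to, else raise BlockedURL."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise BlockedURL("only https URLs are accepted")
    if parts.username or parts.password:
        raise BlockedURL("embedded credentials are not accepted")
    try:
        host, port = parts.hostname, parts.port or 443
    except ValueError:
        raise BlockedURL("invalid port")
    if not host:
        raise BlockedURL("missing host")
    addresses = resolver(host, port)
    if not addresses:
        raise BlockedURL("host did not resolve")
    for text in addresses:
        ip = ipaddress.ip_address(text.split("%")[0])  # drop IPv6 zone id
        ip = getattr(ip, "ipv4_mapped", None) or ip     # unwrap ::ffff:a.b.c.d
        # Every answer must be public: this rejects loopback, RFC 1918 and
        # link-local 169.254.0.0/16, the range that contains IMDS.
        if not ip.is_global or ip.is_multicast:
            raise BlockedURL(f"{host} resolves to non-public address {ip}")
    # Connect to this exact IP (host only as SNI/Host header) so a second
    # DNS lookup cannot give a different answer; re-check every redirect.
    return host, port, addresses[0]
```

Validating the resolved address rather than the hostname string is what stops a public-looking name from reaching the metadata endpoint.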

Read More: https://www.securityweek.com/chatgpt-vulnerability-exposed-underlying-cloud-infrastructure/