Threat actors are targeting a year-old server-side request forgery (SSRF) vulnerability in ChatGPT, mainly against financial entities and US government organizations, cybersecurity firm Veriti reports.
The bug, tracked as CVE-2024-27564, is a medium-severity issue affecting the pictureproxy.php file. It allows attackers to inject crafted URLs in the url parameter and force the application to make arbitrary requests.
Reported in September 2023 and publicly disclosed one year ago, the flaw can be exploited without authentication, and has had proof-of-concept (PoC) exploit code available publicly for some time.
[...]
ChatGPT Vulnerability Exploited Against US Government Organizations
Robert B. Carleton + ISC2 Central Mississippi Secretary
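
For defenders who want to check their own web logs for the behaviour described above (crafted values in the `url` parameter of `pictureproxy.php`), here is a log triage sketch. It is an added example, not code from the post, the quoted article or Veriti. The combined log format, the `ALLOWED_HOSTS` allowlist and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: the only host this deployment's proxy should fetch images from.
ALLOWED_HOSTS = {"images.example.org"}
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify_target(target):
    """Return why a proxied URL is suspicious, or None if it looks expected."""
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").lower()
    except ValueError:
        return "unparseable URL"
    if parts.scheme.lower() not in ("http", "https"):
        return "non-http scheme"
    if host == "localhost" or host.endswith(".localhost"):
        return "internal address"
    try:
        if not ipaddress.ip_address(host).is_global:
            return "internal address"
    except ValueError:
        pass  # not an IP literal; fall through to the allowlist check
    return None if host in ALLOWED_HOSTS else "host not on allowlist"

def scan(lines):
    """Return (client, target, reason) for each suspicious pictureproxy.php request."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, request_uri = m.groups()
        path, _, query = request_uri.partition("?")
        if not path.lower().endswith("/pictureproxy.php"):
            continue
        for target in parse_qs(query).get("url", []):
            if reason := classify_target(target):
                findings.append((client, target, reason))
    return findings

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2025:10:00:01 +0000] "GET /pictureproxy.php?url=https%3A%2F%2Fimages.example.org%2Fa.png HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Mar/2025:10:00:05 +0000] "GET /pictureproxy.php?url=http%3A%2F%2F127.0.0.1%2Fstatus HTTP/1.1" 200 312',
    '203.0.113.9 - - [10/Mar/2025:10:00:06 +0000] "GET /pictureproxy.php?url=http%3A%2F%2F10.0.0.5%3A8080%2F HTTP/1.1" 200 88',
    '198.51.100.4 - - [10/Mar/2025:10:01:00 +0000] "GET /pictureproxy.php?url=ftp%3A%2F%2Ffiles.example.net%2Fx HTTP/1.1" 500 0',
    '198.51.100.5 - - [10/Mar/2025:10:02:00 +0000] "GET /index.php?url=http%3A%2F%2F10.0.0.5%2F HTTP/1.1" 200 100',
]
```

Calling `scan(SAMPLE_LOG)` returns one tuple per flagged request. The same `classify_target` logic can be used as a server-side check before the proxy fetches anything, though hostname allowlisting alone does not cover DNS names that resolve to internal addresses.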