A security researcher has disclosed details of a recently patched ChatGPT vulnerability that could have exposed parts of the AI chatbot's underlying cloud infrastructure.
Jacob Krut, a bug bounty hunter, discovered the weakness while developing a custom GPT, a personalized version of ChatGPT. The vulnerability was found in the 'Actions' section, where users define how a custom GPT interacts with external services via APIs.
Server-Side Request Forgery
The feature relied on user-provided URLs that were not properly validated, allowing an attacker to perform a Server-Side Request Forgery (SSRF) attack. In an SSRF attack, specially crafted URLs cause the application to make unauthorized requests to internal network resources that the attacker should not be able to access.
In this case, Krut was able to exploit the flaw to query a local endpoint associated with the Azure Instance Metadata Service (IMDS). IMDS is a component of the Azure cloud platform used for application configuration and management. By obtaining the IMDS access token associated with ChatGPT's identity, the researcher theoretically could have gained access to the underlying Azure cloud infrastructure used by OpenAI.
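The kind of destination check whose absence makes this class of bug possible, as an added example (not OpenAI's code or its fix): it validates a user-supplied URL against the addresses it actually resolves to, which covers the link-local address 169.254.169.254 where IMDS listens. The function names, the https-only policy and the `.example` hostnames are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def is_internal(ip: str) -> bool:
    """True for loopback, private, link-local and other non-public addresses."""
    addr = ipaddress.ip_address(ip.split("%")[0])   # drop any IPv6 zone id
    if addr.version == 6 and addr.ipv4_mapped:      # ::ffff:a.b.c.d -> a.b.c.d
        addr = addr.ipv4_mapped
    return not addr.is_global

def check_action_url(url: str, resolver=socket.getaddrinfo):
    """Return (allowed, detail) for a user-supplied outbound URL."""
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port or 443
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https" or not host:
        return False, "only https URLs with a host are allowed"
    try:
        addrs = [str(ipaddress.ip_address(host))]   # IP literal: no DNS needed
    except ValueError:
        try:
            infos = resolver(host, port, type=socket.SOCK_STREAM)
        except (socket.gaierror, UnicodeError):
            return False, "host does not resolve"
        addrs = sorted({info[4][0] for info in infos})
    bad = [ip for ip in addrs if is_internal(ip)]
    if bad or not addrs:
        return False, f"non-public destination: {bad}"
    # Connect only to these checked addresses; do not re-resolve the host.
    return True, addrs

def fake_dns(table):
    """Constructed resolver for the offline demo: hostname -> list of IPs."""
    def resolve(host, port, **_):
        if host not in table:
            raise socket.gaierror(host)
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, port))
                for ip in table[host]]
    return resolve

if __name__ == "__main__":
    dns = fake_dns({"api.partner.example": ["93.184.216.34"],   # constructed
                    "cfg.partner.example": ["169.254.169.254"]})  # constructed
    for u in ("https://api.partner.example/v1/items",
              "https://cfg.partner.example/", "https://169.254.169.254/"):
        print(u, "->", check_action_url(u, dns))
```

The same check has to run again on every redirect hop the HTTP client follows, since a redirect target is another URL the server did not choose.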
The vulnerability was reported to OpenAI through its bug bounty program, where the vendor quickly assigned it a 'high severity' rating and issued a patch. Although OpenAI offers up to $100,000 for critical flaws, the payment amount for this specific security hole remains unclear.
"This SSRF in ChatGPT’s Custom GPT Actions is a textbook example of how small gaps in validation at the framework level can quickly lead to an exposure at the cloud level," stated Christopher Jess, senior R&D manager at Black Duck. He added that the case highlights the severity of this often overlooked attack vector. "SSRF has been in the OWASP Top 10 since 2021 precisely because of this potential blast radius: a single server side request can pivot into internal services, metadata endpoints, and privileged cloud identities."

