low

Amazon Q for Business Data Exfiltration

Published Thu, Jan 18th, 2024

Platforms

Summary

An Indirect Prompt Injection attack can cause the LLM to return markdown tags. This allows an adversary who’s data makes it into the chat context (e.g via an uploaded file) to achieve data exfiltration of the victim’s data by rendering hyperlinks.

Affected Services

Amazon Q

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://embracethered.com/blog/posts/2024/aws-amazon-q-fixes-markdown-rendering-vulnerability/

Contributed by https://github.com/ramimac

Entry Status

Finalized

Disclosure Date

Mon, Dec 4th, 2023

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Johann Rehberger

More vulnerabilities...

high

Azure Pipelines Agent poisoned pipeline execution

Azure Pipelines and GitHub Actions allow deployment of runners and agents using VM images sourced from a GitHub-managed repository (github.com/actions/runner-images). This repo was misconfigured to...

Adnan Khan

Wed, Dec 20th, 2023

low

AWS IAM Identity Center Expiry

AWS IAM Identity Center exchanges third-party OIDC tokens for Identity Center-issued tokens. Identity Center relies on the jti claim in the third-party tokens to prevent replay attacks. Identity C...

Aidan Steele

Tue, Dec 19th, 2023

low

AWS AppFlow WooCommerce SSRF

The AppFlow WooCommerce connector allowed specification of a full URL. The connector included details of response content when the URL offered an unexpected response. This means you could make arbi...

Ronin

Mon, Nov 6th, 2023

View all