low

Azure AI Playground data exfiltration

Published Thu, Oct 19th, 2023

Platforms

Summary

In Azure AI Playground, a Prompt Injection attack could cause an LLM to return markdown tags. This would have allowed an adversary whose data makes it into the chat context (e.g., via an uploaded file) to achieve exfiltration of the victim’s data by rendering hyperlinks. However, the severity of this issue is low, as there were no integrations that could pull remote content. This means Indirect Prompt Injection was not possible, and it would require the victim to copy the malicious prompt from elsewhere. A similar issue affected GCP Vertex AI.

Affected Services

AI Playground

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://embracethered.com/blog/posts/2023/data-exfiltration-in-azure-openai-playground-fixed/

Contributed by https://github.com/ramimac

Entry Status

Finalized

Disclosure Date

Fri, Sep 29th, 2023

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Johann Rehberger

More vulnerabilities...

low

Amazon WorkSpaces Windows client credential logging

AWS identified an issue in the Amazon WorkSpaces Windows client which resulted in unintentionally logging connection debugging information to a user's local system. This data could include username...

Fri, Oct 6th, 2023

high

Chronicle cross-customer bucket access

Customers can configure Chronicle to ingest data from customer-owned Cloud Storage buckets using an ingestion feed. Chronicle previously used a shared service account for all customers for grantin...

DoggoZW

Tue, Sep 19th, 2023

low

AWS AppStream Cloudtrail Bypass

Credentials can be extracted from AppStream. When used, they obscure the sourceIP and userName of the initial user. The sourceIP appears as appstream.amazonaws.com.

Saransh Rana, CRED

Mon, Sep 11th, 2023

View all