ChatGPT Plugin Flaw – attackers could access private GitHub repos of others(scmagazine.com)
scmagazine.com
ChatGPT Plugin Flaw – attackers could access private GitHub repos of others
https://www.scmagazine.com/news/chatgpt-0-click-plugin-exploit-risked-leak-of-private-github-repos
3 コメント
[deleted]
Technical details:
"The plugin does not authenticate the request, which means that the attacker can insert another memberId (aka the victim) and get a code that represents the victim. With that code, he can use ChatGPT and access the GitHub of the victim."
And a link, if you want to read the official blog post:
https://salt.security/blog/security-flaws-within-chatgpt-ext...