News from the AI & ML world

DeeperML

do son@Daily CyberSecurity
A server-side request forgery (SSRF) vulnerability, identified as CVE-2024-27564, is being actively exploited within OpenAI's ChatGPT infrastructure. Cybersecurity firm Veriti has uncovered over 10,000 attack attempts in a single week originating from a single malicious IP address. The vulnerability allows attackers to inject malicious URLs into input parameters, forcing the application to make unintended requests. Despite being classified as a medium-severity issue, this flaw poses significant risks to organizations.

Veriti's research indicates that financial institutions are primary targets due to their reliance on AI-driven services and API integrations, making them susceptible to SSRF attacks that can compromise internal resources and sensitive data. Government organizations in the U.S. have also been targeted. Alarmingly, 35% of organizations are inadequately protected due to misconfigurations in their Intrusion Prevention Systems (IPS), Web Application Firewalls (WAF), and traditional firewalls, highlighting the importance of vigilance against all threats, regardless of severity.
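The following Python is an added example, not code from Veriti or the cited articles: it scans request logs for URL-valued parameters that point at loopback, private, or link-local addresses and counts them per client IP, the kind of per-source tally that would surface the single-IP activity described above. The log lines, the `/fetch` path and the `url` parameter name are constructed assumptions.

```python
import ipaddress
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample log: (client IP, request target). The /fetch path and
# the "url" parameter name are hypothetical, not taken from the article.
SAMPLE_LOG = [
    ("203.0.113.7", "/fetch?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F"),
    ("203.0.113.7", "/fetch?url=http://127.0.0.1:8080/admin"),
    ("203.0.113.7", "/fetch?url=http%3A%2F%2F%5B%3A%3A1%5D%2F"),
    ("203.0.113.7", "/fetch?url=ftp://10.0.0.5/"),
    ("198.51.100.20", "/fetch?url=https://example.com/logo.png"),
    ("198.51.100.20", "/search?q=what+is+http"),
    ("203.0.113.7", "/fetch?url=http://localhost/status"),
]


def ssrf_reason(value):
    """Return why a decoded parameter value looks SSRF-shaped, or None."""
    if "://" not in value:
        return None                      # not a URL-valued parameter
    parts = urlsplit(value)
    if parts.scheme.lower() not in ("http", "https"):
        return "non-http scheme"
    host = (parts.hostname or "").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return "loopback name"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name: log review cannot tell where it resolves, so the
        # fetching service must also check the resolved address itself.
        return None
    if not addr.is_global:               # loopback, private, link-local, ...
        return "non-public address"
    return None


def suspicious_sources(log):
    """Count requests per client IP that carry an SSRF-shaped parameter."""
    hits = Counter()
    for client_ip, target in log:
        params = parse_qsl(urlsplit(target).query)   # percent-decodes values
        if any(ssrf_reason(value) for _name, value in params):
            hits[client_ip] += 1
    return hits


if __name__ == "__main__":
    print(suspicious_sources(SAMPLE_LOG).most_common())
```

The same `ssrf_reason` check can serve as a deny rule in front of any component that fetches user-supplied URLs, provided the resolved address is validated again at connect time.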


References:
  • hackread.com: Hackers Exploit ChatGPT with CVE-2024-27564, 10,000+ Attacks in a Week
  • securityaffairs.com: ChatGPT SSRF bug quickly becomes a favorite attack vector
  • securityonline.info: CVE-2024-27564: Attackers Exploit OpenAI Vulnerability in the Wild
  • Rescana: Global Alert: CVE-2024-27564 Vulnerability in OpenAI ChatGPT Threatens Critical Sectors