ChatGPT Plugin Flaw – attackers could access private GitHub repos of others

Y	Hacker News new \| ask \| show \| jobs

	ChatGPT Plugin Flaw – attackers could access private GitHub repos of others (scmagazine.com)
	5 points by MorL 825 days ago

1 comments

aviCC 825 days ago

Technical details: "The plugin does not authenticate the request, which means that the attacker can insert another memberId (aka the victim) and get a code that represents the victim. With that code, he can use ChatGPT and access the GitHub of the victim."

link

aviCC 825 days ago

And a link, if you want to read the official blog post: https://salt.security/blog/security-flaws-within-chatgpt-ext...

link