aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6561 items

CVE-2023-34239: Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path f

highvulnerability
security
Jun 8, 2023
CVE-2023-34239

Gradio, an open-source Python library for building machine learning and data science applications, has a vulnerability where it fails to properly filter file paths and restrict which URLs can be proxied (accessed through Gradio as an intermediary), allowing unauthorized file access. This vulnerability affects input validation (the process of checking that data entering a system is safe and expected).

Fix: Users are advised to upgrade to version 3.34.0. The source notes there are no known workarounds for this vulnerability.

NVD/CVE Database

CVE-2023-34094: ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 202

highvulnerability
security
Jun 2, 2023
CVE-2023-34094

ChuanhuChatGPT (a graphical interface for ChatGPT and other large language models) has a vulnerability in versions 20230526 and earlier that allows attackers to access the config.json file (a configuration file storing sensitive settings) without permission when authentication is disabled, potentially exposing API keys (credentials that grant access to external services). The vulnerability allows attackers to steal these API keys from the configuration file.

CVE-2023-33979: gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnerability was found in gpt_academic 3.37 and prior. T

mediumvulnerability
security
May 31, 2023
CVE-2023-33979

gpt_academic (a tool that provides a graphical interface for ChatGPT/GLM) versions 3.37 and earlier have a vulnerability where the Configuration File Handler allows attackers to read sensitive files through the `/file` route because no files are protected from access. This can leak sensitive information from working directories to users who shouldn't have access to it.

ChatGPT Plugin Exploit Explained: From Prompt Injection to Accessing Private Data

infonews
securitysafety

CVE-2023-32676: Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was fo

mediumvulnerability
security
May 26, 2023
CVE-2023-32676

Autolab, a service that automatically grades programming assignments in courses, has a tar slip vulnerability (a flaw where extracted files can be placed outside their intended directory) in its assessment installation feature. An attacker with instructor permissions could upload a specially crafted tar file (a compressed archive format) with file paths like `../../../../tmp/tarslipped1.sh` to place files anywhere on the system when the form is submitted.

CVE-2023-32317: Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was fo

mediumvulnerability
security
May 26, 2023
CVE-2023-32317

Autolab, a service that manages programming courses and automatically grades assignments, has a tar slip vulnerability (a flaw where compressed files can extract to unintended locations outside their target directories) in its MOSS cheat checker feature. An authenticated instructor could upload a specially crafted tar file (compressed archive) that extracts files to arbitrary locations on the system, potentially allowing them to write malicious files anywhere the service has access.

CVE-2023-28382: Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alt

highvulnerability
security
May 26, 2023
CVE-2023-28382

CVE-2023-28382 is a directory traversal vulnerability (a flaw that lets attackers access files outside intended directories) in ESS REC Agent Server Edition across multiple operating systems. An authenticated attacker (someone with valid login credentials) can use this vulnerability to view or modify any file on the affected server. The vulnerability affects versions 1.0.0 to 1.4.3 on Linux, 1.1.0 to 1.4.0 on Solaris and HP-UX, and 1.2.0 to 1.4.1 on AIX.

CVE-2023-2800: Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.

mediumvulnerability
security
May 18, 2023
CVE-2023-2800

CVE-2023-2800 is a vulnerability in the Hugging Face Transformers library (a popular tool for working with AI language models) prior to version 4.30.0 that involves insecure temporary files (CWE-377, a weakness where temporary files are created in ways that attackers could exploit). The vulnerability was discovered and reported through the huntr.dev bug bounty platform.

CVE-2023-2780: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.

criticalvulnerability
security
May 17, 2023
CVE-2023-2780EPSS: 87.8%

MLflow (a tool for managing machine learning experiments) versions before 2.3.1 contain a path traversal vulnerability (CWE-29, a weakness where attackers can access files outside intended directories by using special characters like '..\'). This vulnerability could allow an attacker to read or manipulate files they shouldn't have access to.

ChatGPT Plugins: Data Exfiltration via Images & Cross Plugin Request Forgery

highnews
security
May 16, 2023

A malicious website can hijack a ChatGPT chat session and steal conversation history by controlling the data that plugins (add-ons that extend ChatGPT's abilities) retrieve. The post highlights that while plugins can leak data by receiving too much information, the main risk here is when an attacker controls what data the plugin pulls in, enabling them to extract sensitive information.

Indirect Prompt Injection via YouTube Transcripts

mediumnews
securitysafety

Adversarial Prompting: Tutorial and Lab

infonews
securityresearch

CVE-2023-30172: A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers

highvulnerability
security
May 11, 2023
CVE-2023-30172

CVE-2023-30172 is a directory traversal vulnerability (a flaw where attackers can access files outside the intended folder by manipulating file paths) in the /get-artifact API method of MLflow platform versions up to v2.0.1. Attackers can exploit the path parameter to read arbitrary files stored on the server.

Video: Prompt Injections - An Introduction

infonews
securitysafety

CVE-2023-1651: The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to upda

mediumvulnerability
security
May 8, 2023
CVE-2023-1651

The AI ChatBot WordPress plugin before version 4.4.9 has two security flaws in its code that handles OpenAI settings. First, it lacks authorization checks (meaning it doesn't verify who should be allowed to make changes), allowing even low-privilege users like subscribers to modify settings. Second, it's vulnerable to CSRF (cross-site request forgery, where an attacker tricks a logged-in user into making unwanted changes) and stored XSS (cross-site scripting, where malicious code gets saved and runs when others view the page).

CVE-2023-30859: Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload

highvulnerability
security
May 1, 2023
CVE-2023-30859

Triton is a Minecraft plugin that translates server messages, but it has a vulnerability in its bungee mode (a feature for connecting multiple servers). When bungee mode is enabled, attackers can send a special packet through the 'triton:main' plugin channel to run any command on the server console, potentially making themselves administrators, stealing player information, or changing server settings.

CVE-2023-2356: Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.

highvulnerability
security
Apr 28, 2023
CVE-2023-2356EPSS: 90.5%

CVE-2023-2356 is a relative path traversal vulnerability (a flaw that lets attackers access files outside their intended directory by manipulating file paths) found in MLflow versions before 2.3.1. This weakness could allow attackers to read or access files they shouldn't be able to reach on systems running the affected software.

MLSecOps Podcast: AI Red Teaming and Threat Modeling Machine Learning Systems

infonews
securityresearch

CVE-2023-30444: IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This

highvulnerability
security
Apr 27, 2023
CVE-2023-30444

IBM Watson Machine Learning on Cloud Pak for Data versions 4.0 and 4.5 has a vulnerability called SSRF (server-side request forgery, where an attacker tricks the system into making unauthorized network requests on their behalf). An authenticated attacker could exploit this to discover network details or launch other attacks.

CVE-2023-30620: mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction

highvulnerability
security
Apr 21, 2023
CVE-2023-30620

MindsDB, a platform for building AI solutions, has a vulnerability in older versions where it unsafely extracts files from remote archives using `tarfile.extractall()` (a Python function that unpacks compressed files). An attacker could exploit this to overwrite any file that the server can access, similar to known attacks called TarSlip or ZipSlip (path traversal attacks, where files are extracted to unexpected locations).

Previous288 / 329Next

Fix: The vulnerability has been fixed in commit bfac445. As a workaround, setting up access authentication (a login system that restricts who can access the software) can help mitigate the vulnerability.

NVD/CVE Database

Fix: A patch is available at commit 1dcc2873d2168ad2d3d70afcb453ac1695fbdf02. As a workaround, users can configure the project using environment variables instead of `config*.py` files, or use docker-compose installation (a tool for running containerized applications) to configure the project instead of configuration files.

NVD/CVE Database
May 28, 2023

ChatGPT plugins can be exploited through indirect prompt injections (attacks that hide malicious instructions in data the AI reads from external sources rather than directly from the user), which hackers have used to access private data through cross-plugin request forgery (a vulnerability where one plugin tricks another into performing unauthorized actions). The post documents a real exploit found in the wild and explains the security fix that was applied.

Embrace The Red

Fix: Upgrade to version 2.11.0 or later.

NVD/CVE Database

Fix: This issue has been addressed in version 2.11.0. Users are advised to upgrade.

NVD/CVE Database
NVD/CVE Database

Fix: Update to version 4.30.0 or later. A patch is available at https://github.com/huggingface/transformers/commit/80ca92470938bbcc348e2d9cf4734c7c25cb1c43.

NVD/CVE Database

Fix: Update MLflow to version 2.3.1 or later. A patch is available at https://github.com/mlflow/mlflow/commit/fae77a525dd908c56d6204a4cef1c1c75b4e9857.

NVD/CVE Database
Embrace The Red
May 14, 2023

ChatGPT can access YouTube transcripts through plugins, which is useful but creates a security risk called indirect prompt injection (hidden instructions embedded in content that an AI reads and then follows). Attackers can hide malicious commands in video transcripts, and when ChatGPT reads those transcripts to answer user questions, it may follow the hidden instructions instead of the user's intended request.

Embrace The Red
May 12, 2023

This resource is a tutorial and lab (an interactive learning environment for hands-on practice) that teaches prompt injection, which is a technique for tricking AI systems by embedding hidden instructions in their input. The tutorial covers examples ranging from simple prompt engineering (getting an AI to change its output) to more complex attacks like injecting malicious code (HTML/XSS, which runs unwanted scripts in web browsers) and stealing data from AI systems.

Embrace The Red
NVD/CVE Database
May 10, 2023

Prompt injection (tricking an AI by hiding instructions in its input) is a widespread vulnerability in AI education, with indirect prompt injections being particularly dangerous because they allow untrusted data to secretly take control of an LLM (large language model) and change its goals and behavior. Since attack payloads use natural language, attackers can craft many creative variations to bypass input validation (checking that data meets safety rules) and web application firewalls (security systems that filter harmful requests).

Embrace The Red

Fix: Update the AI ChatBot WordPress plugin to version 4.4.9 or later.

NVD/CVE Database

Fix: This issue has been fixed in version 3.8.4.

NVD/CVE Database

Fix: Update MLflow to version 2.3.1 or later. A patch is available at https://github.com/mlflow/mlflow/commit/f73147496e05c09a8b83d95fb4f1bf86696c6342.

NVD/CVE Database
Apr 27, 2023

This is a podcast episode about AI red teaming (simulated attacks to find weaknesses in AI systems) and threat modeling (planning for potential security risks) in machine learning systems. The episode explores how traditional security practices can be combined with machine learning security to better protect AI applications from attacks.

Embrace The Red
NVD/CVE Database

Fix: Upgrade to release 23.2.1.0 or later. The source explicitly states 'There are no known workarounds for this vulnerability,' so updating is the only mitigation mentioned.

NVD/CVE Database