CVE-2024-5184 - OpenCVE

The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or execute unwanted prompts. When engaging with EmailGPT by submitting a malicious prompt that requests harmful information, the system will respond by providing the requested data. This vulnerability can be exploited by any individual with access to the service.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Emailgpt	Emailgpt

Configuration 1 [-]

cpe:2.3:a:emailgpt:emailgpt:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.synopsys.com/blogs/software-security/cyrc-advisory-prompt-injection-emailgpt.html	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: SNPS

Published: 2024-06-05T17:52:13.608Z

Updated: 2024-06-06T13:12:29.208Z

Reserved: 2024-05-21T20:04:48.843Z

Link: CVE-2024-5184

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-06-05T18:15:11.993

Modified: 2024-06-18T17:06:20.257

Link: CVE-2024-5184

JSON object: View

Redhat Information

No data.

CWE

CWE-74

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5184", "assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b", "state": "PUBLISHED", "assignerShortName": "SNPS", "dateReserved": "2024-05-21T20:04:48.843Z", "datePublished": "2024-06-05T17:52:13.608Z", "dateUpdated": "2024-06-06T13:12:29.208Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "EmailGPT", "vendor": "EmailGPT", "versions": [{"lessThanOrEqual": "eecfaf2cff58793549dd0c1266ac1d62e0c8811d", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mohammed Alshehri"}], "datePublic": "2024-06-05T13:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or execute unwanted prompts. When engaging with EmailGPT by submitting a malicious prompt that requests harmful information, the system will respond by providing the requested data. This vulnerability can be exploited by any individual with access to the service."}], "value": "The EmailGPT service contains a prompt injection vulnerability.\u00a0The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or execute unwanted prompts.\u00a0When engaging with EmailGPT by submitting a malicious prompt that requests harmful information, the system will respond by providing the requested data. This vulnerability can be exploited by any individual with access to the service."}], "impacts": [{"capecId": "CAPEC-43", "descriptions": [{"lang": "en", "value": "CAPEC-43: Exploiting Multiple Input Interpretation Layers"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 8.5, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b", "shortName": "SNPS", "dateUpdated": "2024-06-05T17:52:13.608Z"}, "references": [{"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-prompt-injection-emailgpt.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Prompt Injection in EmailGPT", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "emailgpt", "product": "emailgpt", "cpes": ["cpe:2.3:a:emailgpt:emailgpt:0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "eecfaf2cff58793549dd0c1266ac1d62e0c8811d", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-06T13:10:04.946112Z", "id": "CVE-2024-5184", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T13:12:29.208Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emailgpt:emailgpt:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4498B69-14AF-44DF-A535-9F3B6E7A790A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The EmailGPT service contains a prompt injection vulnerability.\u00a0The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or execute unwanted prompts.\u00a0When engaging with EmailGPT by submitting a malicious prompt that requests harmful information, the system will respond by providing the requested data. This vulnerability can be exploited by any individual with access to the service."}, {"lang": "es", "value": "El servicio EmailGPT contiene una vulnerabilidad de inyecci\u00f3n r\u00e1pida. El servicio utiliza un servicio API que permite a un usuario malintencionado inyectar un mensaje directo y hacerse cargo de la l\u00f3gica del servicio. Los atacantes pueden aprovechar el problema obligando al servicio de inteligencia artificial a filtrar los mensajes est\u00e1ndar codificados del sistema y/o ejecutar mensajes no deseados. Al interactuar con EmailGPT enviando un mensaje malicioso que solicita informaci\u00f3n da\u00f1ina, el sistema responder\u00e1 proporcionando los datos solicitados. Esta vulnerabilidad puede ser aprovechada por cualquier persona con acceso al servicio."}], "id": "CVE-2024-5184", "lastModified": "2024-06-18T17:06:20.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "disclosure@synopsys.com", "type": "Secondary"}]}, "published": "2024-06-05T18:15:11.993", "references": [{"source": "disclosure@synopsys.com", "tags": ["Third Party Advisory"], "url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-prompt-injection-emailgpt.html"}], "sourceIdentifier": "disclosure@synopsys.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-74"}], "source": "disclosure@synopsys.com", "type": "Secondary"}]}