low

Amazon Q for Business Data Exfiltration

Published Thu, Jan 18th, 2024

Platforms

Summary

An Indirect Prompt Injection attack can cause the LLM to return markdown tags. This allows an adversary who’s data makes it into the chat context (e.g via an uploaded file) to achieve data exfiltration of the victim’s data by rendering hyperlinks.

Affected Services

Amazon Q

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://embracethered.com/blog/posts/2024/aws-amazon-q-fixes-markdown-rendering-vulnerability/

Contributed by https://github.com/ramimac

Entry Status

Finalized

Disclosure Date

Mon, Dec 4th, 2023

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Johann Rehberger

More vulnerabilities...

high

Microsoft Healthcare Chatbot Vulnerabilities

Multiple vulnerabilities in Microsoft's Azure Health Bot service were discovered, allowing access to sensitive infrastructure and confidential medical data. Issues included sandbox escapes, unrestr...

Yanir Tsarimi, Breachproof

Mon, Jan 1st, 2024

high

Amazon Cognito Rate Limit Bypass Vulnerability

A rate limit bypass vulnerability was discovered in Amazon Cognito, allowing attackers to potentially brute-force login credentials, password reset PINs, and MFA codes by sending requests in parall...

Daniel Lümmel, LuemmelSec

Wed, Dec 27th, 2023

high

Azure Pipelines Agent poisoned pipeline execution

Azure Pipelines and GitHub Actions allow deployment of runners and agents using VM images sourced from a GitHub-managed repository (github.com/actions/runner-images). This repo was misconfigured to...

Adnan Khan

Wed, Dec 20th, 2023

View all