low

Amazon Q for Business Data Exfiltration

Published Thu, Jan 18th, 2024

Platforms

Summary

An Indirect Prompt Injection attack can cause the LLM to return markdown tags. This allows an adversary who’s data makes it into the chat context (e.g via an uploaded file) to achieve data exfiltration of the victim’s data by rendering hyperlinks.

Affected Services

Amazon Q

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://embracethered.com/blog/posts/2024/aws-amazon-q-fixes-markdown-rendering-vulnerability/

Contributed by https://github.com/ramimac

Entry Status

Finalized

Disclosure Date

Mon, Dec 4th, 2023

Exploitablity Period

-

Known ITW Exploitation

-

Detection Methods

-

Piercing Index Rating

-

Discovered by

Johann Rehberger

More vulnerabilities...

low

Amazon Q for Business Data Exfiltration

An Indirect Prompt Injection attack can cause the LLM to return markdown tags. This allows an adversary who’s data makes it into the chat context (e.g via an uploaded file) to achieve data exfiltra...

Johann Rehberger

Thu, Jan 18th, 2024

low

Amazon Q for Business Data Exfiltration

An Indirect Prompt Injection attack can cause the LLM to return markdown tags. This allows an adversary who’s data makes it into the chat context (e.g via an uploaded file) to achieve data exfiltra...

Johann Rehberger

Thu, Jan 18th, 2024

low

Amazon Q for Business Data Exfiltration

An Indirect Prompt Injection attack can cause the LLM to return markdown tags. This allows an adversary who’s data makes it into the chat context (e.g via an uploaded file) to achieve data exfiltra...

Johann Rehberger

Thu, Jan 18th, 2024