high

ModeLeak: LLM Model Exfiltration Vulnerability in Vertex AI

Published Tue, Nov 12th, 2024

Platforms

Summary

A vulnerability in GCP's Vertex AI service allows privilege escalation and unauthorized access to sensitive LLM models. Attackers can exfiltrate these models by exploiting misconfigurations in access controls and service bindings. By exploiting custom job permissions, researchers were able to escalate their privileges and gain unauthorized access to all data services in the project. In addition, deploying a poisoned model in Vertex AI led to the exfiltration of all other fine-tuned models, posing a proprietary and sensitive data exfiltration attack risk.

Affected Services

VertexAI

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://unit42.paloaltonetworks.com/privilege-escalation-llm-model-exfil-vertex-ai/

Contributed by https://github.com/OfirBalassiano

Entry Status

Finalized

Disclosure Date

Exploitability Period

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

Ofir Balassiano, Ofir Shaty, Palo Alto Networks

More vulnerabilities...

high

Sketchy Cheat Sheet

Multiple vulnerabilities were discovered in Google's Cloud Architecture Diagramming Tool, including XSS, unauthorized access to user data, and misconfigured storage buckets. The issues allowed acce...

Jakub Domeracki, EgnyteNov 9, 2024

high

Issue with data.all Framework Multiple CVEs

Multiple security vulnerabilities were identified in data.all, an open source development framework for building data marketplaces on AWS. The issues affect versions 1.0.0 through 2.6.0 and include...

Amazon Web ServicesNov 8, 2024

high

Repo swatting attack deletes/blocks GitHub and GitLab accounts

A technique called "repo swatting" allows attackers to delete GitHub and block GitLab accounts by exploiting file upload features and abuse reporting mechanisms. Attackers upload malicious files to...

Paul McCarty, SourceCodeRedNov 1, 2024

View all