CVE-2024-48142

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Published: Oct 24, 2024 / Updated: 26d ago

CVSS 7.5 / EPSS 0.04% / High

A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Timeline

CVE Assignment
NVD published the first details for CVE-2024-48142.
Oct 24, 2024 at 7:15 PM

First Article
Feedly found the first article mentioning CVE-2024-48142.
Oct 24, 2024 at 7:24 PM / National Vulnerability Database

CVSS Estimate
Feedly estimated the CVSS score as HIGH.
Oct 24, 2024 at 7:24 PM

EPSS
EPSS Score was set to: 0.04% (Percentile: 9.8%)
Oct 25, 2024 at 10:07 AM

CVSS
A CVSS base score of 7.5 has been assigned.
Oct 25, 2024 at 6:40 PM / nvd

Affected Systems

Getgist/chatbox

Attack Patterns

CAPEC-136: LDAP Injection

News

CVE-2024-48142
High Severity. Description: A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. Read more at https://www.tenable.com/cve/CVE-2024-48142

CVE-2024-48142 | Butterfly Effect Limited Monica ChatGPT AI Assistant 2.4.0 Chatbox injection
A vulnerability classified as critical was found in Butterfly Effect Limited Monica ChatGPT AI Assistant 2.4.0. Affected by this vulnerability is an unknown functionality of the component Chatbox. The manipulation leads to injection. This vulnerability is known as CVE-2024-48142. The attack can only be done within the local network. There is no exploit available.

CVE-2024-48142 - Butterfly Effect Limited Monica ChatGPT AI Assistant Chatbox Prompt Injection Vulnerability
CVE ID: CVE-2024-48142
Published: Oct. 24, 2024, 7:15 p.m.
Description: A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica ChatGPT AI Assistant v2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message.
Severity: 0.0 NA

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
