CVE-2024-40594
2.3
CVSS:3.1/AC:L/AV:L/A:N/C:L/I:N/PR:H/S:U/UI:N
Summary
The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores conversations in cleartext in a location accessible to other apps.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://arstechnica.com/ai/2024/07/chatgpts-much-heralded-mac-app-was-storing-conversations-as-plain-text/
- https://www.theverge.com/2024/7/3/24191636/openai-chatgpt-mac-app-conversations-plain-text
References
- https://arstechnica.com/ai/2024/07/chatgpts-much-heralded-mac-app-was-storing-conversations-as-plain-text/
- https://www.theverge.com/2024/7/3/24191636/openai-chatgpt-mac-app-conversations-plain-text
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.