Who discovered the vulnerability in EmailGPT?

The vulnerability was discovered by the Synopsys Cybersecurity Research Center (CyRC).

What is the CVSS score of the EmailGPT vulnerability?

The CVSS score of the EmailGPT vulnerability is 6.5.

What can the vulnerability in EmailGPT lead to?

The vulnerability allows malicious users to inject harmful prompts, potentially causing the AI service to leak hard-coded system prompts, execute unintended prompts, reveal confidential data, or perform unintended operations based on the injected prompts.

Which branch of the EmailGPT software is affected by the vulnerability?

The flaw affects the 'main' branch of the EmailGPT software.

What is the potential impact of the EmailGPT vulnerability?

The potential impact of the attack includes the leaking of intellectual property or the content of emails submitted to the LLM, and financial loss due to DoS-type attacks sending queries to the service.

What recommendations has CyRC made to prevent exploitation of the EmailGPT vulnerability?

CyRC recommends removing EmailGPT from networks to prevent exploitation, educating the organization on such risks, and enforcing policies on the installation and use of third-party applications with sensitive applications.

Advisory

Flaws in EmailGPT expose users to prompt Injection risk

published: June 6, 2024

Take action: Use another service and plugin. Even though the vulnerability is not critical, having no response from the developers means that a more severe flaw will also not be addressed. You can find a better product.

Learn More

A vulnerability has been identified in EmailGPT, an API service and Google Chrome extension designed to assist users in writing emails within Gmail using OpenAI’s GPT models.

The flaw is discovered by the Synopsys Cybersecurity Research Center (CyRC) and scored at CVSS score 6.5. The vulnerability allows malicious users to inject harmful prompts, potentially taking over the service's logic. This can result in the AI service leaking hard-coded system prompts or executing unintended prompts, thus exposing sensitive information.

Attackers submit specially crafted prompts to the EmailGPT service, causing it to process these malicious prompts and execute unintended actions. These actions could include revealing confidential data or executing operations based on the injected prompts.

The flaw affects the "main" branch of EmailGPT software

Potential impact of the attack includes leaking of intellectual property or of content of emails submitted to the LLM and financial loss due to DoS type of sending queries to the service.

CyRC recommends removing EmailGPT from networks to prevent exploitation, educate the organizaton on such risks and enforce policies on the installation and use of third-party applications with sensitive applications.

The developers of EmailGPT have not responded to CyRC within the 90-day disclosure period.

Flaws in EmailGPT expose users to prompt Injection risk