CVE-2024-40594

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-40594
CWE	https://cwe.mitre.org/data/definitions/312.html

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-40594

CWE

https://cwe.mitre.org/data/definitions/312.html

The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores conversations in cleartext in a location accessible to other apps.

Weakness

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Potential Mitigations

https://cwe.mitre.org/data/definitions/37.html

References

https://arstechnica.com/ai/2024/07/chatgpts-much-heralded-mac-app-was-storing-conversations-as-plain-text/
https://www.theverge.com/2024/7/3/24191636/openai-chatgpt-mac-app-conversations-plain-text
https://arstechnica.com/ai/2024/07/chatgpts-much-heralded-mac-app-was-storing-conversations-as-plain-text/
https://www.theverge.com/2024/7/3/24191636/openai-chatgpt-mac-app-conversations-plain-text

Cleartext Storage of Sensitive Information

Weakness

Potential Mitigations

Related Attack Patterns

References