TLDR:<p>The state variable that ChatGPT uses in the integration with plugins, was not random.
Attackers could install a malicious plugin on a victim by sending a link that mimic the last step of the OAuth flow.<p>The takeaway:
If your company has an OAuth, make sure the state parameter is random. That's a common mistake.<p>https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data
The link is not clickable:
<a href="https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data" rel="nofollow">https://salt.security/blog/security-flaws-within-chatgpt-ext...</a>