CVE-2024-40594

LOW

OpenAI ChatGPT <2024-07-05 - Info Disclosure

Title source: llm

Description

The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores conversations in cleartext in a location accessible to other apps.

References (2)

[Various Sources] https://arstechnica.com/ai/2024/07/chatgpts-much-heralded-mac-app-was-storing-conversations-as-plain-text/

[Various Sources] https://www.theverge.com/2024/7/3/24191636/openai-chatgpt-mac-app-conversations-plain-text

Scores

CVSS v3 2.3

EPSS 0.0001

EPSS Percentile 3.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-312

Status published

Published Jul 06, 2024

Tracked Since Feb 18, 2026