{"id":55590,"date":"2024-03-14T13:17:20","date_gmt":"2024-03-14T13:17:20","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35650\/ChatGPT-0-Click-Plugin-Exploit-Risked-Leaked-Of-Private-GitHub-Repos.html"},"modified":"2024-03-14T13:17:20","modified_gmt":"2024-03-14T13:17:20","slug":"chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\/","title":{"rendered":"ChatGPT 0-Click Plugin Exploit Risked Leaked Of Private GitHub Repos"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2024\/03\/AdobeStock_588907847_Editorial_Use_Only.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Vulnerabilities in ChatGPT and several of its third-party plugins risked leakage of user conversations and other account contents, including a zero-click exploit that could give an attacker access to a victim\u2019s private GitHub repositories.<\/p>\n<p>The ChatGPT plugin vulnerabilities were discovered by Salt Labs, a part of Salt Security, which published its research in a blog post Wednesday. The problems were reported to ChatGPT and plugin developers in July and September 2023, respectively, and have since been resolved, according to Salt Labs.<\/p>\n<p>ChatGPT plugins, which are now known as \u201cActions\u201d available through custom GPTs, represent the growing \u201cgenerative AI ecosystem\u201d allowing large language models (LLMs) like ChatGPT to access information outside of its training data.<\/p>\n<p>These plugins allow ChatGPT to send and receive potentially sensitive data to and from other websites, including users\u2019 private third-party accounts, creating a new potential attack vector.<\/p>\n<p>\u201cOur recent vulnerability discoveries within ChatGPT illustrate the importance of protecting the plugins within such technology to ensure that attackers cannot access critical business assets and executive account takeovers,\u201d Salt Security Vice President of Research Yaniv Balmas said in a statement.<\/p>\n<h2>OAuth implementation flaws found in ChatGPT, multiple plugins<\/h2>\n<p>The three main vulnerabilities discovered by the SaltLabs team all involved faulty implementation of the Open Authorization (OAuth) standard. OAuth allows an application to access information from accounts on other websites, without the user needing to directly provide their login credentials to the app.<\/p>\n<p>Many ChatGPT plugins, or custom GPTs, use OAuth to allow ChatGPT to access data from the user\u2019s accounts on third-party sites. Attempting to perform certain plugin actions will prompt the request and exchange of OAuth tokens between ChatGPT, the user and the third-party site.<\/p>\n<p>When improperly implemented, OAuth tokens can be intercepted, redirected or otherwise misused to allow an attacker to access a victim\u2019s account or connect a victim\u2019s account to a malicious application.<\/p>\n<p>\u201cIncreasingly, employees are entering proprietary data into AI tools \u2014 including intellectual property, financial data, business strategies and more \u2014 and unauthorized access by a malicious actor could be crippling for an organization,\u201d Darren Guccione, CEO and co-founder of Keeper Security, told SC Media in an email.<\/p>\n<p>One of the OAuth flaws discovered by Salt Labs was found in PluginLab, a framework used by many developers to create plugins for ChatGPT. The researchers found several plugins developed using PluginLab were vulnerable to a zero-click exploit that would allow an attacker to access a victim\u2019s account on sites used by the plugins, including GitHub. &nbsp;<\/p>\n<p>The researchers demonstrated how the exploit could be used on the \u201cAskTheCode\u201d plugin, which allows the user to query their GitHub repositories. They discovered that an OAuth request sent from AskTheCode to PluginLab\u2019s authorization page asked for a token based on the user\u2019s \u201cmemberID\u201d; because PluginLab did not authenticate these requests, an attacker could alter the request to insert any user\u2019s memberID.<\/p>\n<p>The memberID was found to be readily available to any attacker who already knew their target\u2019s email address, as the ID was the SHA-1 hash of the user\u2019s email address; a PluginLab API endpoint was also found to leak memberIDs when called with a request containing a user&#8217;s email.<\/p>\n<p>Once the attacker obtained an OAuth token from a request containing their target\u2019s memberID, they could forward this token to ChatGPT and use AsktheCode to access the victim\u2019s GitHub repositories from the ChatGPT interface. This would include the ability to ask for a list of all private repositories and read specific files, <a href=\"https:\/\/www.scmagazine.com\/brief\/github-secrets-exposure-on-the-rise\" data-type=\"link\" data-id=\"https:\/\/www.scmagazine.com\/brief\/github-secrets-exposure-on-the-rise\" target=\"_blank\" rel=\"noreferrer noopener\">potentially exposing proprietary code, private keys and other confidential information<\/a>.<\/p>\n<p>The other two vulnerability exploits described by Salt Labs would require a victim to click a link to expose their personal data. One, discovered in ChatGPT itself, involved an attacker creating their own plugin and having ChatGPT request an OAuth token from an attacker-controlled domain. When the OAuth token is generated, the user is redirected to an OpenAI link containing the OAuth code for authentication.<\/p>\n<p>If an attacker sends this link to the victim, and the victim is logged into their OpenAI account, clicking the link would automatically install the attacker\u2019s plugin to their account without any confirmation. The plugin could then potentially gather sensitive information from the victim\u2019s ChatGPT conversations.<\/p>\n<p>The third vulnerability was found in several ChatGPT plugins, including \u201cCharts by Kesem AI,\u201d which failed to validate the \u201credirect_uri\u201d link an OAuth token is sent to. This allows the attacker to insert their own domain as the redirect_uri and send the altered authentication link to the target.<\/p>\n<p>When the target clicks the link, an OAuth token for their own account (ex. their Kesem AI account) is sent to the attacker, who can then use it to access the victim\u2019s account contents through ChatGPT.<\/p>\n<p>\u201cThese vulnerabilities underline the importance of scrutinizing third-party integrations, even within trusted platforms like ChatGPT. IT leaders should establish internal protocols for vetting plugins before allowing employee use,\u201d Sarah Jones, cyber threat intelligence research analyst at Critical Start, told SC Media in an email.<\/p>\n<h2>Generative AI ecosystem creates new attack surface for cyber threats<\/h2>\n<p>While the ChatGPT plugin vulnerabilities were fixed shortly after their discovery, the rapid evolution and adoption of generative AI tools continues to present many emerging risks. Salt Labs says it plans to publish additional research about cyber risks its researchers have discovered in ChatGPT\u2019s custom GPT marketplace, which replaces the older plugin system.<\/p>\n<p>Threats leveraging generative AI are varied, ranging from the <a href=\"https:\/\/www.scmagazine.com\/news\/chatgpt-credentials-snagged-by-infostealers-on-225k-infected-devices\" target=\"_blank\" rel=\"noreferrer noopener\">theft of sensitive LLM inputs<\/a>, to prompt manipulations, to the <a href=\"https:\/\/www.scmagazine.com\/resource\/from-the-headlines-chatgpt-and-other-ai-text-generating-risks\" target=\"_blank\" rel=\"noreferrer noopener\">mass generation of convincing phishing emails<\/a>. <a href=\"https:\/\/www.scmagazine.com\/news\/google-gemini-bugs-enable-prompt-leaks-injection-via-workspace-plugin\" target=\"_blank\" rel=\"noreferrer noopener\">Vulnerabilities in Google\u2019s Gemini AI<\/a>, also disclosed this week, could allow an attacker to obtain hidden system prompts or abuse Gemini Advanced extensions to manipulate users into inputting sensitive information, according to HiddenLayer.<\/p>\n<p>Microsoft and OpenAI also revealed last month that <a href=\"https:\/\/www.scmagazine.com\/news\/microsoft-openai-reveal-chatgpt-use-by-state-sponsored-hackers\" target=\"_blank\" rel=\"noreferrer noopener\">ChatGPT was used by state-sponsored hackers<\/a> from Russia, North Korea, Iran and China for tasks ranging from scripting help to target reconnaissance and vulnerability research.<\/p>\n<p>\u201cAs organizations rush to leverage AI to gain a competitive edge and enhance operational efficiency, the pressure to quickly implement these solutions should not take precedence over security evaluations and employee training,\u201d Guccione said.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35650\/ChatGPT-0-Click-Plugin-Exploit-Risked-Leaked-Of-Private-GitHub-Repos.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":55591,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[7513],"class_list":["post-55590","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackerprivacydata-lossflaw"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>ChatGPT 0-Click Plugin Exploit Risked Leaked Of Private GitHub Repos 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ChatGPT 0-Click Plugin Exploit Risked Leaked Of Private GitHub Repos 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-14T13:17:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2024\/03\/AdobeStock_588907847_Editorial_Use_Only.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"ChatGPT 0-Click Plugin Exploit Risked Leaked Of Private GitHub Repos\",\"datePublished\":\"2024-03-14T13:17:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\\\/\"},\"wordCount\":1042,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos.jpg\",\"keywords\":[\"headline,hacker,privacy,data loss,flaw\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\\\/\",\"name\":\"ChatGPT 0-Click Plugin Exploit Risked Leaked Of Private GitHub Repos 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos.jpg\",\"datePublished\":\"2024-03-14T13:17:20+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos.jpg\",\"width\":800,\"height\":533},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,privacy,data loss,flaw\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerprivacydata-lossflaw\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"ChatGPT 0-Click Plugin Exploit Risked Leaked Of Private GitHub Repos\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ChatGPT 0-Click Plugin Exploit Risked Leaked Of Private GitHub Repos 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\/","og_locale":"en_US","og_type":"article","og_title":"ChatGPT 0-Click Plugin Exploit Risked Leaked Of Private GitHub Repos 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-03-14T13:17:20+00:00","og_image":[{"url":"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2024\/03\/AdobeStock_588907847_Editorial_Use_Only.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"ChatGPT 0-Click Plugin Exploit Risked Leaked Of Private GitHub Repos","datePublished":"2024-03-14T13:17:20+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\/"},"wordCount":1042,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/03\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos.jpg","keywords":["headline,hacker,privacy,data loss,flaw"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\/","url":"https:\/\/www.threatshub.org\/blog\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\/","name":"ChatGPT 0-Click Plugin Exploit Risked Leaked Of Private GitHub Repos 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/03\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos.jpg","datePublished":"2024-03-14T13:17:20+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/03\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/03\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos.jpg","width":800,"height":533},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/chatgpt-0-click-plugin-exploit-risked-leaked-of-private-github-repos\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,privacy,data loss,flaw","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerprivacydata-lossflaw\/"},{"@type":"ListItem","position":3,"name":"ChatGPT 0-Click Plugin Exploit Risked Leaked Of Private GitHub Repos"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55590","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=55590"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55590\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/55591"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=55590"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=55590"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=55590"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}