2024-09-26 00:00:00
mitre
PUBLISHED
Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the users sensitive chat data of the current session to a malicious third-party or attacker-controlled server.