Description
The application unintentionally reveals sensitive parts of its internal system prompts in the output. This exposure could allow attackers to gain insights into the system's internal processing. Note: This alert may be a false positive as Large Language Models (LLMs) are known to occasionally hallucinate or generate responses that appear to contain system prompts but may not actually reflect the real system configuration.
Remediation
Implement stricter output handling controls to ensure sensitive prompt data is removed or obfuscated before response delivery.
References
Related Vulnerabilities
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2044)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1099)
Undertow Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-1745)
LimeSurvey Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-7556)
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9049)