Author: Ragavendra Krishna Kumar
Severity: MEDIUM
Vendor: Perplexity AI (https://www.perplexity.ai)
Product: Perplexity AI Web Application
Version: 2.51.0 (GPT-4)
Affected component: Shared Chat Session URLs (/search/<token> endpoint)
An issue in Perplexity AI GPT-4 allows a remote attacker to obtain sensitive information via a GET parameter without proper authorization.
This vulnerability enables unauthorized access to sensitive chatbot content, including:
- Legal, medical, or financial questions
- Personally Identifiable Information (PII)
- Corporate or proprietary information
- Severe privacy breach, especially if shared unknowingly
- Regulatory compliance risks, including:
  - GDPR (Article 5, 32): Violations of confidentiality and data minimization
  - CCPA: Unauthorized access to user data
https://www.perplexity.ai/search/
Example token: hi-RxWG5knCTUurDLABy27PMg
- Log in to your Perplexity AI account (or proceed as a guest).
- Obtain or observe another user's chat token (e.g., via shared link or recon).
- Paste a modified URL such as: https://www.perplexity.ai/search/hi-RxWG5knCTUurDLABy27PMg
- Open the link in incognito mode (even without being logged in).
- Observe that the chat history of another user is accessible without authentication.
- Performed successfully in incognito mode.
- No login required to retrieve another user's chat via token.
- Confirmed repeatable with multiple valid tokens.
- The link is accessed by someone else (via referrer leak, history, logs, etc.).
- The full conversation is visible; no authentication required.
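
One way a server could gate the /search/<token> endpoint so that the token only identifies a thread and does not authorize access to it. This is an added example, not Perplexity's code: the `Thread` model, the `shared` flag, the handler names and the sample tokens are all hypothetical, and the response headers address the referrer and cache leak paths listed above.

```python
# Added example: every name here (Thread, THREADS, get_thread_*) is hypothetical.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Response = Tuple[int, Dict[str, str], str]  # (status, headers, body)

@dataclass(frozen=True)
class Thread:
    token: str
    owner_id: str
    shared: bool   # True only after the owner explicitly publishes the link
    content: str

# Constructed sample data; the tokens are placeholders, not real ones.
THREADS = {
    "private-thread-token": Thread("private-thread-token", "alice", False, "private notes"),
    "shared-thread-token": Thread("shared-thread-token", "alice", True, "public answer"),
}

# Keep the token out of Referer headers and out of shared caches.
SAFE_HEADERS = {"Referrer-Policy": "no-referrer", "Cache-Control": "no-store"}

def get_thread_vulnerable(token: str, user_id: Optional[str]) -> Response:
    """Behaviour reported above: possession of the token is the only check."""
    thread = THREADS.get(token)
    if thread is None:
        return 404, {}, ""
    return 200, {}, thread.content

def get_thread_hardened(token: str, user_id: Optional[str]) -> Response:
    """The token selects the thread; ownership or an explicit share authorizes it."""
    thread = THREADS.get(token)
    allowed = thread is not None and (thread.shared or user_id == thread.owner_id)
    if not allowed:
        # Same answer for "unknown" and "forbidden", so a token cannot be validated.
        return 404, dict(SAFE_HEADERS), ""
    return 200, dict(SAFE_HEADERS), thread.content
```

Here `user_id` is `None` for an unauthenticated (incognito) request, which is the case the reproduction steps exercise.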
