Lucene search

GitHub_MCVELIST:CVE-2024-28189

HistoryApr 18, 2024 - 2:40 p.m.

CVE-2024-28189 Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link

2024-04-1814:40:29

CWE-59

CWE-61

GitHub_M

www.cve.org

judge0

sandbox escape

chown

vulnerability

symbolic link

patch bypass

cve-2024-28189

unix command

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside of the sandbox. This vulnerability is not impactful on it’s own, but it can be used to bypass the patch for CVE-2024-28185 and obtain a complete sandbox escape. This vulnerability is fixed in 1.13.1.

CNA Affected

[
  {
    "vendor": "judge0",
    "product": "judge0",
    "versions": [
      {
        "version": "<= 1.13.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/judge0/judge0/blob/v1.13.0/app/jobs/isolate_job.rb#L232

github.com/judge0/judge0/commit/f3b8547b3b67863e4ea0ded3adcb963add56addd

github.com/judge0/judge0/security/advisories/GHSA-3xpw-36v7-2cmg

github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for CVELIST:CVE-2024-28189