Lucene search

[email protected]NVD:CVE-2024-28189

HistoryApr 18, 2024 - 3:15 p.m.

CVE-2024-28189

2024-04-1815:15:29

CWE-61

CWE-59

[email protected]

web.nvd.nist.gov

judge0

code execution

unix

chown

sandbox

symlink

arbitrary files

cve-2024-28189

bypass

sandbox escape

patch

vulnerability

fix

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside of the sandbox. This vulnerability is not impactful on it’s own, but it can be used to bypass the patch for CVE-2024-28185 and obtain a complete sandbox escape. This vulnerability is fixed in 1.13.1.

References

github.com/judge0/judge0/blob/v1.13.0/app/jobs/isolate_job.rb#L232

github.com/judge0/judge0/commit/f3b8547b3b67863e4ea0ded3adcb963add56addd

github.com/judge0/judge0/security/advisories/GHSA-3xpw-36v7-2cmg

github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for NVD:CVE-2024-28189

cve2 cvelist2 osv2 vulnrichment1 thn1 nvd1