GoogleOSV:GHSA-23RX-79R7-6CPXSandbox escape in Artemis Java Test Sandbox
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
References
github.com/advisories/GHSA-883x-6fch-6wjx
github.com/ls1intum/Ares
github.com/ls1intum/Ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392
github.com/ls1intum/Ares/issues/15#issuecomment-996449371
github.com/ls1intum/Ares/releases/tag/1.7.6
github.com/ls1intum/Ares/security/advisories/GHSA-883x-6fch-6wjx
nvd.nist.gov/vuln/detail/CVE-2024-23683
vulncheck.com/advisories/vc-advisory-GHSA-883x-6fch-6wjx
Related
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%