Lucene search
+L

6 matches found

redhatcve
redhatcve
added 2025/02/05 12:57 a.m.6 views

CVE-2024-28189

Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link symlink to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside o...

10CVSS7.5AI score0.07211EPSS
Exploits2References1
circl
circl
added 2024/11/20 10:41 p.m.4 views

CVE-2024-28189

creationtimestamp| type| source ---|---|--- 2024-11-20 22:41:34+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/judge0sandboxescapecve202428189.rb 2025-02-06 03:13:46+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23...

10CVSS8.6AI score0.07211EPSS
Exploits2References1
nvd
nvd
added 2024/04/18 3:15 p.m.27 views

CVE-2024-28189

Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link symlink to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside o...

10CVSS9.7AI score0.07211EPSS
Exploits2References4
cve
cve
added 2024/04/18 2:40 p.m.92 views

CVE-2024-28189

Judge0 sandbox escape (CVE-2024-28189) arises when the sandbox writes run_script to its directory and an attacker uses a symbolic link to target files outside the sandbox. This allows chown to be executed on arbitrary outside-of-sandbox files, enabling a sandbox escape and potentially complete RC...

10CVSS9.6AI score0.07211EPSS
Exploits2References4
vulnrichment
vulnrichment
added 2024/04/18 2:40 p.m.17 views

CVE-2024-28189 Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link

Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link symlink to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside o...

10CVSS7.5AI score0.07211EPSS
Exploits2References4
cvelist
cvelist
added 2024/04/18 2:40 p.m.37 views

CVE-2024-28189 Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link

Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link symlink to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside o...

10CVSS9.9AI score0.07211EPSS
Exploits2References4
Rows per page
Query Builder