Vulnerability Description
Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside of the sandbox. This vulnerability is not impactful on it's own, but it can be used to bypass the patch for CVE-2024-28185 and obtain a complete sandbox escape. This vulnerability is fixed in 1.13.1.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://github.com/judge0/judge0/blob/v1.13.0/app/jobs/isolate_job.rb#L232
- https://github.com/judge0/judge0/commit/f3b8547b3b67863e4ea0ded3adcb963add56addd
- https://github.com/judge0/judge0/security/advisories/GHSA-3xpw-36v7-2cmg
- https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf
- https://github.com/judge0/judge0/blob/v1.13.0/app/jobs/isolate_job.rb#L232
- https://github.com/judge0/judge0/commit/f3b8547b3b67863e4ea0ded3adcb963add56addd
- https://github.com/judge0/judge0/security/advisories/GHSA-3xpw-36v7-2cmg
- https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf
FAQ
What is CVE-2024-28189?
CVE-2024-28189 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (syml...
How severe is CVE-2024-28189?
CVE-2024-28189 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-28189?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.