CVE-2024-23682

Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/advisories/GHSA-227w-wv4j-67h4	Exploit Third Party Advisory
https://github.com/ls1intum/Ares/issues/15	Issue Tracking
https://github.com/ls1intum/Ares/releases/tag/1.8.0	Release Notes
https://github.com/ls1intum/Ares/security/advisories/GHSA-227w-wv4j-67h4	Exploit Vendor Advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-227w-wv4j-67h4	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ls1intum:artemis_java_test_sandbox:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-01-19 21:15

Updated : 2024-01-26 15:08

NVD link : CVE-2024-23682

Mitre link : CVE-2024-23682

CVE.ORG link : CVE-2024-23682

JSON object : View

Products Affected

ls1intum

artemis_java_test_sandbox

CWE

NVD-CWE-noinfo CWE-501

Trust Boundary Violation

CWE-653

Improper Isolation or Compartmentalization

{"id": "CVE-2024-23682", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}]}, "published": "2024-01-19T21:15:10.273", "references": [{"url": "https://github.com/advisories/GHSA-227w-wv4j-67h4", "tags": ["Exploit", "Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/ls1intum/Ares/issues/15", "tags": ["Issue Tracking"], "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/ls1intum/Ares/releases/tag/1.8.0", "tags": ["Release Notes"], "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/ls1intum/Ares/security/advisories/GHSA-227w-wv4j-67h4", "tags": ["Exploit", "Vendor Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-227w-wv4j-67h4", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-501"}, {"lang": "en", "value": "CWE-653"}]}], "descriptions": [{"lang": "en", "value": "Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.\n\n\n"}, {"lang": "es", "value": "Las versiones de Artemis Java Test Sandbox anteriores a 1.8.0 son vulnerables a un escape de la sandbox cuando un atacante incluye archivos de clase en un paquete en el que Ares conf\u00eda. Un atacante puede abusar de este problema para ejecutar Java arbitrario cuando una v\u00edctima ejecuta el c\u00f3digo supuestamente aislado."}], "lastModified": "2024-01-26T15:08:33.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ls1intum:artemis_java_test_sandbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12206DA2-20AE-4357-A395-4CB389485D00", "versionEndExcluding": "1.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}