CVE-2024-23683

Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/advisories/GHSA-883x-6fch-6wjx	Exploit Third Party Advisory
https://github.com/ls1intum/Ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392	Patch
https://github.com/ls1intum/Ares/issues/15#issuecomment-996449371	Issue Tracking
https://github.com/ls1intum/Ares/releases/tag/1.7.6	Release Notes
https://github.com/ls1intum/Ares/security/advisories/GHSA-883x-6fch-6wjx	Exploit Vendor Advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-883x-6fch-6wjx	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ls1intum:artemis_java_test_sandbox:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-01-19 21:15

Updated : 2024-01-26 15:17

NVD link : CVE-2024-23683

Mitre link : CVE-2024-23683

CVE.ORG link : CVE-2024-23683

JSON object : View

Products Affected

ls1intum

artemis_java_test_sandbox

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-23683", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}]}, "published": "2024-01-19T21:15:10.340", "references": [{"url": "https://github.com/advisories/GHSA-883x-6fch-6wjx", "tags": ["Exploit", "Third Party Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/ls1intum/Ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392", "tags": ["Patch"], "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/ls1intum/Ares/issues/15#issuecomment-996449371", "tags": ["Issue Tracking"], "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/ls1intum/Ares/releases/tag/1.7.6", "tags": ["Release Notes"], "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/ls1intum/Ares/security/advisories/GHSA-883x-6fch-6wjx", "tags": ["Exploit", "Vendor Advisory"], "source": "disclosure@vulncheck.com"}, {"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-883x-6fch-6wjx", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.\n\n\n\n\n\n"}, {"lang": "es", "value": "Las versiones de Artemis Java Test Sandbox inferiores a 1.7.6 son vulnerables a un escape de la sandbox cuando un atacante crea una subclase especial de InvocationTargetException. Un atacante puede abusar de este problema para ejecutar Java arbitrario cuando una v\u00edctima ejecuta el c\u00f3digo supuestamente aislado."}], "lastModified": "2024-01-26T15:17:29.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ls1intum:artemis_java_test_sandbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "147CDF80-6055-494C-8B01-74B48210DE43", "versionEndExcluding": "1.7.6"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}