GitHub Advisory DatabaseGHSA-23RX-79R7-6CPXSandbox escape in Artemis Java Test Sandbox
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
5.1%
Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| de.tum.in.ase | artemis-java-test-sandbox | * | cpe:2.3:a:de.tum.in.ase:artemis-java-test-sandbox:*:*:*:*:*:*:*:* |
References
github.com/advisories/GHSA-23rx-79r7-6cpx
github.com/advisories/GHSA-883x-6fch-6wjx
github.com/ls1intum/Ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392
github.com/ls1intum/Ares/issues/15#issuecomment-996449371
github.com/ls1intum/Ares/releases/tag/1.7.6
github.com/ls1intum/Ares/security/advisories/GHSA-883x-6fch-6wjx
nvd.nist.gov/vuln/detail/CVE-2024-23683
vulncheck.com/advisories/vc-advisory-GHSA-883x-6fch-6wjx
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
5.1%