GitHub Advisory DatabaseGHSA-HJ55-9JMV-9JRJSandbox escape in Artemis Java Test Sandbox
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
5.1%
Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| de.tum.in.ase | artemis-java-test-sandbox | * | cpe:2.3:a:de.tum.in.ase:artemis-java-test-sandbox:*:*:*:*:*:*:*:* |
References
github.com/advisories/GHSA-227w-wv4j-67h4
github.com/advisories/GHSA-hj55-9jmv-9jrj
github.com/ls1intum/Ares/issues/15
github.com/ls1intum/Ares/releases/tag/1.8.0
github.com/ls1intum/Ares/security/advisories/GHSA-227w-wv4j-67h4
nvd.nist.gov/vuln/detail/CVE-2024-23682
vulncheck.com/advisories/vc-advisory-GHSA-227w-wv4j-67h4
Related
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
5.1%