漏洞标题
Judge0存在Symbolic Link沙箱逃逸漏洞。
漏洞描述信息
Judge0是一个开源的在线代码执行系统。该应用没有考虑沙箱目录内的符号链接,攻击者可以利用这一点写入任意文件并在沙箱外部执行代码。在执行提交时,Judge0会在沙箱目录中写入一个`run_script`。安全问题在于攻击者可以在执行此代码之前,在路径`run_script`上创建一个符号链接(symlink),导致`f.write`将内容写入未受沙箱保护系统上的任意文件。攻击者可以利用此漏洞覆盖系统上的脚本并获取沙箱外部的代码执行权限。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
漏洞类别
在文件访问前对链接解析不恰当(链接跟随)
漏洞标题
Judge0 vulnerable to Sandbox Escape via Symbolic Link
漏洞描述信息
Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a `run_script` to the sandbox directory. The security issue is that an attacker can create a symbolic link (symlink) at the path `run_script` before this code is executed, resulting in the `f.write` writing to an arbitrary file on the unsandboxed system. An attacker can leverage this vulnerability to overwrite scripts on the system and gain code execution outside of the sandbox.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Judge0 CE 安全漏洞
漏洞描述信息
Judge0 CE是Judge0开源的一个开源在线代码执行系统。 Judge0 CE 1.13.1之前版本存在安全漏洞,该漏洞源于应用程序不考虑放置在沙箱目录内的符号链接,攻击者利用该漏洞可以使用该符号链接写入任意文件并在沙箱外执行代码。
CVSS信息
N/A
漏洞类别
其他