Judge0 Sandbox Vulnerabilities Expose Systems to Takeover Risk


Judge0, an open-source service for running arbitrary code within secure sandboxes, has been found to harbor vulnerabilities that could potentially expose systems to complete takeover. 

Tanto Security uncovered these vulnerabilities, labeled CVE-2024-29021, CVE-2024-28185 and CVE-2024-28189, which could allow attackers with sufficient access to execute sandbox escapes and gain root permissions on host machines.

According to the security experts, this revelation comes amid growing dependence on Judge0 by organizations focused on development and cybersecurity, including educational institutions and talent recruitment firms.

Such entities rely on Judge0 to execute code securely, particularly in competitive programming environments where the accuracy of code outputs is paramount.

Upon inspecting the Judge0 codebase, Tanto Security identified critical weaknesses. One significant aspect is the use of the isolate binary, which leverages Linux namespaces and control groups, much as Docker containers do.

However, the container runs in privileged mode, which enables access to restricted components of the host system and poses a substantial risk if malicious actors gain access to it.

The investigation delved into various facets of the Judge0 infrastructure, revealing exploitable points in the code execution process. Notably, vulnerabilities were found in the processing of user-submitted code, allowing for the injection of malicious commands.

These flaws extended to the interaction between Judge0’s components, such as the execution of commands outside the sandbox environment, leading to potential system compromise.


Despite the Judge0 developer's initial patching efforts, subsequent bypasses were discovered, highlighting persistent vulnerabilities in the platform.

These findings underscore the ongoing challenges in securing complex software systems, particularly those with intricate interaction points and privileged access to system resources.

The timeline of events illustrates a swift response from both the security researchers and the Judge0 development team in addressing the identified vulnerabilities.

However, the iterative nature of these discoveries emphasizes the need for continuous vigilance and proactive security measures to safeguard against emerging threats in the cybersecurity landscape.


