Tanto Security has disclosed critical vulnerabilities in the widely-used open-source service Judge0, which could allow attackers to perform a sandbox escape and gain root access to the host machine.
The vulnerabilities, identified as CVE-2024-29021, CVE-2024-28185, and CVE-2024-28189, pose a significant threat to the security of the service, which numerous organizations employ for secure sandboxed code execution.
Judge0 is designed to run arbitrary code within a secure environment. According to the Judge0 website, the service boasts 23 clients and over 300 self-hosted instances on the public Internet.
The service is also presumed to be used within many private internal networks.
The disclosed vulnerabilities have raised concerns among development and cybersecurity communities, particularly within educational institutions and talent recruitment companies that rely on Judge0 to ensure the safe execution of code.
The discovery of the vulnerabilities was made public through a detailed blog post by Tanto Security, which outlined the process of uncovering the flaws, including source code analysis and exploitation.
Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide
The investigation into Judge0’s security began with a casual conversation between the researcher and a friend who utilized the platform for offloading the complex task of secure code execution.
This conversation sparked the researcher’s interest, prompting a deeper exploration of Judge0’s mechanisms.
Certain oversights in the service’s default configuration made the vulnerabilities exploitable. For instance, the default password for the Judge0 configuration file is “YourPasswordHere1234,” and the deployment instructions do not explicitly advise users to change it.
This oversight could leave many instances vulnerable if the administrators did not update the default password.
Demonstration of the Attack
Furthermore, the researcher demonstrated the potential for an attacker to create a submission that could brute force the password.
By making multiple submissions, the attacker could queue up submissions and run an SQL query to modify the run arguments of a submission, ultimately leading to a sandbox escape and root access.
These vulnerabilities have severe implications, as they could allow attackers to execute arbitrary code with the highest level of privileges on the host machine.
This could lead to unauthorized access to sensitive data, disruption of services, and the potential for further exploitation within the network.
Tanto Security’s disclosure has prompted a swift response from the cybersecurity community, with calls for immediate action to patch the vulnerabilities and secure Judge0 instances.
Organizations using Judge0 are urged to review their configurations, update passwords, and apply any available security updates to mitigate the risks associated with these vulnerabilities.
Judge0 users are now tasked with reinforcing their defenses to prevent exploitation by malicious actors.
Combat Email Threats with Easy-to-Launch Phishing Simulations: Email Security Awareness Training -> Try Free Demo