Critical Sandbox Escape Vulnerabilities in Judge0 Could Lead to Full System Takeover

Multiple serious security vulnerabilities have been uncovered in Judge0, an open-source online code execution platform, posing significant risks for its users. These flaws potentially allow malicious actors to escape the established sandbox environment and execute code with root privileges on the host system, according to a report by the Australian cybersecurity firm Tanto Security.

In their findings, Tanto Security highlighted three critical vulnerabilities that could be exploited by an adversary with adequate access to the system. Judge0, known for its scalability and open-source capabilities, is utilized by various educational and coding platforms, such as AlgoDaily and CodeChum. The system has reportedly been forked over 400 times on GitHub, demonstrating its widespread adoption in the tech community.

The vulnerabilities—revealed by researcher Daniel Cooper in March 2024—include a critical flaw that allows attackers to create symbolic links within the sandbox directory. This oversight enables them to gain unauthorized write access to arbitrary files, effectively breaking out of the sandbox. A second vulnerability is a patch bypass related to the first issue, exploiting the UNIX chown command on untrusted files within the sandbox to elevate privileges. The third vulnerability involves a Server-Side Request Forgery (SSRF) configuration that could facilitate unsandboxed code execution by gaining access to the Judge0 API.

The root of these issues lies in a Ruby script responsible for establishing the sandbox environment and processing code submissions. Specifically, during the setup, attackers can manipulate the environment to enable writing to files on the unsandboxed system, which could lead to the execution of malicious scripts. This manipulation can compromise both the Docker container managing the execution and the underlying system.

The exploitation of these vulnerabilities aligns with tactics identified in the MITRE ATT&CK Framework, notably persistence and privilege escalation. Attackers could utilize initial access vulnerabilities to enter the system, escalate their privileges through configuration flaws, and compromise critical components like databases. This could lead to scenarios where attackers gain extensive control over the Judge0 environment, posing risks to sensitive data and internal networks.

Upon being informed about these vulnerabilities, the maintainers of Judge0 addressed the issues in version 1.13.1, released on April 18, 2024. Users are strongly encouraged to update to this version to mitigate potential exploits. By maintaining awareness of such vulnerabilities and taking appropriate actions, organizations can better protect their systems against the ever-evolving landscape of cyber threats.

As the cybersecurity landscape continues to change, the significance of timely updates and the implementation of security best practices become paramount for safeguarding sensitive information and maintaining operational integrity. The Judge0 incident serves as a reminder of the inherent risks associated with open-source software and the importance of diligence in addressing security vulnerabilities.

Source link