CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-34145 – jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes
https://notcve.org/view.php?id=CVE-2024-34145
02 May 2024 — A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. ... A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, en... • http://www.openwall.com/lists/oss-security/2024/05/02/3 • CWE-290: Authentication Bypass by Spoofing CWE-693: Protection Mechanism Failure •
CVSS: 9.8EPSS: 43%CPEs: 3EXPL: 1CVE-2024-34144 – jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies
https://notcve.org/view.php?id=CVE-2024-34144
02 May 2024 — A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. ... A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin involving crafted constructor bodies, enabling the circumvention of security restric... • https://github.com/MXWXZ/CVE-2024-34144 • CWE-693: Protection Mechanism Failure •
CVSS: 10.0EPSS: 94%CPEs: 2EXPL: 18CVE-2024-4040 – CrushFTP VFS Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-4040
22 Apr 2024 — A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. VFS Sandbox Escape en CrushFTP en todas las versiones anteriores a 10.7.1 y 11.1.0 en todas las plataformas permite a atacantes remotos con privilegios bajos leer archivos del s... • https://packetstorm.news/files/id/180590 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-32462 – Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing
https://notcve.org/view.php?id=CVE-2024-32462
18 Apr 2024 — When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. ... When a crafted "commandline" is converted into a "--command" and arguments, the app could achieve the same effect of passing arguments directly to bwrap to achieve sandbox escape. • http://www.openwall.com/lists/oss-security/2024/04/18/5 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29021 – SSRF into Sandbox Escape through Unsafe Default Configuration
https://notcve.org/view.php?id=CVE-2024-29021
18 Apr 2024 — The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). • https://github.com/judge0/judge0/blob/ad66f77b131dbbebf2b9ff8083dca9a68680b3e5/app/jobs/isolate_job.rb#L203-L230 • CWE-918: Server-Side Request Forgery (SSRF) CWE-1393: Use of Default Password •
CVSS: 10.0EPSS: 64%CPEs: 1EXPL: 1CVE-2024-28189 – Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link
https://notcve.org/view.php?id=CVE-2024-28189
18 Apr 2024 — This vulnerability is not impactful on it's own, but it can be used to bypass the patch for CVE-2024-28185 and obtain a complete sandbox escape. • https://packetstorm.news/files/id/182718 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 10.0EPSS: 67%CPEs: 1EXPL: 1CVE-2024-28185 – Judge0 vulnerable to Sandbox Escape via Symbolic Link
https://notcve.org/view.php?id=CVE-2024-28185
18 Apr 2024 — Judge0 is an open-source online code execution system. The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a `run_script` to the sandbox directory. The security issue is that an attacker can create a symbolic link (symlink) at the path `run_script` before this code is executed, resulting in the `f.write` writing to an arbi... • https://packetstorm.news/files/id/182718 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3157 – Debian Security Advisory 5656-1
https://notcve.org/view.php?id=CVE-2024-3157
10 Apr 2024 — Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2024-2839 – Colibri Page Builder <= 1.0.263 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-2839
01 Apr 2024 — The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_post_title' shortcode in all versions up to, and including, 1.0.263 due to insufficient input sanitization and output escaping on user supplied attributes such as 'heading_type'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Colibr... • https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 32EXPL: 0CVE-2024-29944 – Mozilla Firefox Exposed Dangerous Function Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-29944
22 Mar 2024 — An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1. Un atacante pudo inyectar un controlador de eventos en un objeto privilegiado que permitiría la ejecución arbitraria de JavaScript en el proceso principal. Nota: Esta vulnerabilidad afecta única... • http://www.openwall.com/lists/oss-security/2024/03/23/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-830: Inclusion of Web Functionality from an Untrusted Source •