CVE-2024-34099 – ZDI-CAN-XXXX: [Pwn2Own] Acrobat sandbox bypass part 2 of 2
https://notcve.org/view.php?id=CVE-2024-34099
Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
• https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
• CWE-284: Improper Access Control
CVE-2024-4671 – Google Chromium Visuals Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2024-4671
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
• https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html https://issues.chromium.org/issues/339266700 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N https://lists.fedoraproject.org/archives/list/
• CWE-416: Use After Free
CVE-2024-32980 – Spin contains a potential network sandbox escape for specifically configured Spin applications
https://notcve.org/view.php?id=CVE-2024-32980
Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured Spin applications that use `self` requests without a specified URL authority can be induced to make requests to arbitrary hosts via the `Host` HTTP header. The following conditions need to be met for an application to be vulnerable:
1. The environment Spin is deployed in routes requests to the Spin runtime based on the request URL instead of the `Host` header, and leaves the `Host` header set to its original value;
2. The Spin application's component handling the incoming request is configured with an `allow_outbound_hosts` list containing `"self"`; and
3.
• https://github.com/fermyon/spin/commit/b3db535c9edb72278d4db3a201f0ed214e561354 https://github.com/fermyon/spin/security/advisories/GHSA-f3h7-gpjj-wcvh
• CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CVE-2024-34347 – @hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
https://notcve.org/view.php?id=CVE-2024-34347
Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a JavaScript sandbox that uses the Node.js vm module. ... In the case of @hoppscotch/js-sandbox, multiple references to external objects are passed into the vm context to allow pre-request scripts to interact with environment variables and more. But this also allows the pre-request script to escape the sandbox. ...
• https://github.com/hoppscotch/hoppscotch/commit/22c6eabd133195d22874250a5ae40cb26b851b01 https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-qmmm-73r2-f8xr
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-34145 – jenkins-plugin/script-security: sandbox bypass via sandbox-defined classes
https://notcve.org/view.php?id=CVE-2024-34145
A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. A sandbox bypass vulnerability was found in the Jenkins Script Security Plugin within the sandbox-defined classes, enabling the circumvention of security restrictions. ... This security mechanism intercepts calls within sandboxed scripts, referencing various allowlists to decide whether these calls should be permitted. The vulnerabilities that allow for sandbox bypass have been identified in versions up to 1335.vf07d9ce377a_e of the Script Security Plugin. ... These improvements ensure that calls to super constructors are intercepted by the sandbox, including:
- Ensuring that calls to other constructors via 'this' are now appropriately managed within the sandbox.
- No longer overlooking classes in packages that may be overshadowed by Groovy-defined classes when intercepting super constructor calls.
• http://www.openwall.com/lists/oss-security/2024/05/02/3 https://www.jenkins.io/security/advisory/2024-05-02/#SECURITY-3341 https://access.redhat.com/security/cve/CVE-2024-34145 https://bugzilla.redhat.com/show_bug.cgi?id=2278821
• CWE-290: Authentication Bypass by Spoofing; CWE-693: Protection Mechanism Failure