CVSS: 9.8EPSS: 43%CPEs: 3EXPL: 1CVE-2024-34144 – jenkins-plugin/script-security: sandbox bypass via crafted constructor bodies
https://notcve.org/view.php?id=CVE-2024-34144
02 May 2024 — A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. Una vulnerabilidad de omisión de la sandbox que involucra cuerpos de constructores manipulados en Jenkins Script Security Plugin 1335.vf07d... • https://github.com/MXWXZ/CVE-2024-34144 • CWE-693: Protection Mechanism Failure •
CVSS: 10.0EPSS: 94%CPEs: 2EXPL: 18CVE-2024-4040 – CrushFTP VFS Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-4040
22 Apr 2024 — A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. VFS Sandbox Escape en CrushFTP en todas las versiones anteriores a 10.7.1 y 11.1.0 en todas las plataformas permite a atacantes remotos con privilegi... • https://packetstorm.news/files/id/180590 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-32462 – Flatpak vulnerable to a sandbox escape via RequestBackground portal due to bad argument parsing
https://notcve.org/view.php?id=CVE-2024-32462
18 Apr 2024 — When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. ... Cuando esto se convierte en un `--command` y argumentos, logra el mismo efecto de pasar argumentos directamente a `bwrap` y, por lo tanto, puede usarse para un escape sandbox. ... This is normally safe because it can... • http://www.openwall.com/lists/oss-security/2024/04/18/5 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29021 – SSRF into Sandbox Escape through Unsafe Default Configuration
https://notcve.org/view.php?id=CVE-2024-29021
18 Apr 2024 — The default configuration of Judge0 leaves the service vulnerable to a sandbox escape via Server Side Request Forgery (SSRF). • https://github.com/judge0/judge0/blob/ad66f77b131dbbebf2b9ff8083dca9a68680b3e5/app/jobs/isolate_job.rb#L203-L230 • CWE-918: Server-Side Request Forgery (SSRF) CWE-1393: Use of Default Password •
CVSS: 10.0EPSS: 64%CPEs: 1EXPL: 1CVE-2024-28189 – Judge0 vulnerable to Sandbox Escape Patch Bypass via chown running on Symbolic Link
https://notcve.org/view.php?id=CVE-2024-28189
18 Apr 2024 — The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside of the sandbox. This vulnerability is not impactful on it's own, but it can be used to bypass the patch for CVE-2024-28185 and obtain a complete sandbox escape. This vulnerability is fixed in 1.13.1. ... Judge0 does not ... • https://packetstorm.news/files/id/182718 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 10.0EPSS: 67%CPEs: 1EXPL: 1CVE-2024-28185 – Judge0 vulnerable to Sandbox Escape via Symbolic Link
https://notcve.org/view.php?id=CVE-2024-28185
18 Apr 2024 — The application does not account for symlinks placed inside the sandbox directory, which can be leveraged by an attacker to write to arbitrary files and gain code execution outside of the sandbox. When executing a submission, Judge0 writes a `run_script` to the sandbox directory. ... An attacker can leverage this vulnerability to overwrite scripts on the system and gain code execution outside of the sandbox. ... Al ejecutar un envío, Judge0 escribe un `run_script` en el directori... • https://packetstorm.news/files/id/182718 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3157 – Debian Security Advisory 5656-1
https://notcve.org/view.php?id=CVE-2024-3157
10 Apr 2024 — Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. • https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_10.html • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2024-2839 – Colibri Page Builder <= 1.0.263 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-2839
01 Apr 2024 — The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'colibri_post_title' shortcode in all versions up to, and including, 1.0.263 due to insufficient input sanitization and output escaping on user supplied attributes such as 'heading_type'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Colibr... • https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 32EXPL: 0CVE-2024-29944 – Mozilla Firefox Exposed Dangerous Function Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2024-29944
22 Mar 2024 — This vulnerability allows remote attackers to escape the sandbox on affected installations of Mozilla Firefox. ... An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code in the context of the current user at medium integrity. • http://www.openwall.com/lists/oss-security/2024/03/23/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-830: Inclusion of Web Functionality from an Untrusted Source •
CVSS: 9.0EPSS: 57%CPEs: 1EXPL: 5CVE-2024-28116 – Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
https://notcve.org/view.php?id=CVE-2024-28116
21 Mar 2024 — Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. • https://packetstorm.news/files/id/182033 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •