// For flags

CVE-2024-23682

Artemis Java Test Sandbox Class Loading Escape

Severity Score

8.2
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.

Las versiones de Artemis Java Test Sandbox anteriores a 1.8.0 son vulnerables a un escape de la sandbox cuando un atacante incluye archivos de clase en un paquete en el que Ares confía. Un atacante puede abusar de este problema para ejecutar Java arbitrario cuando una víctima ejecuta el código supuestamente aislado.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2024-01-19 CVE Reserved
  • 2024-01-19 CVE Published
  • 2024-01-27 EPSS Updated
  • 2024-08-01 CVE Updated
  • 2024-08-01 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-501: Trust Boundary Violation
  • CWE-653: Improper Isolation or Compartmentalization
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ls1intum
Search vendor "Ls1intum"
 Artemis Java Test Sandbox
Search vendor "Ls1intum" for product "Artemis Java Test Sandbox"
 < 1.8.0
Search vendor "Ls1intum" for product "Artemis Java Test Sandbox" and version " < 1.8.0"
-
Affected