CVE-2024-28189

CRITICAL

Judge0 <1.13.1 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-28189. PoCs published by Tanto Security, Takahiro Yokoyama, including Metasploit module exploits/linux/http/judge0_sandbox_escape_cve_2024_28189.

AI-analyzed exploit summary This Metasploit module exploits a sandbox escape vulnerability in Judge0 by leveraging symlinks to write arbitrary files and achieve remote code execution. It abuses the submission system to manipulate cron jobs and execute payloads outside the sandbox.

Description

Judge0 is an open-source online code execution system. The application uses the UNIX chown command on an untrusted file within the sandbox. An attacker can abuse this by creating a symbolic link (symlink) to a file outside the sandbox, allowing the attacker to run chown on arbitrary files outside of the sandbox. This vulnerability is not impactful on it's own, but it can be used to bypass the patch for CVE-2024-28185 and obtain a complete sandbox escape. This vulnerability is fixed in 1.13.1.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Tanto Security, Takahiro Yokoyama · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/judge0_sandbox_escape_cve_2024_28189.rb

View Code ZIP pw:eip

This Metasploit module exploits a sandbox escape vulnerability in Judge0 by leveraging symlinks to write arbitrary files and achieve remote code execution. It abuses the submission system to manipulate cron jobs and execute payloads outside the sandbox.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Judge0 <= 1.13.0

No auth needed

Prerequisites: Network access to Judge0 API (port 2358) · Ability to submit code executions

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1059.004 - Unix Shell T1036 - Masquerading T1053 - Scheduled Task/Job

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory x_refsource_confirm

https://github.com/judge0/judge0/security/advisories/GHSA-3xpw-36v7-2cmg

Vendor Advisory x_refsource_misc

https://github.com/judge0/judge0/security/advisories/GHSA-h9g2-45c8-89cf

Patch x_refsource_misc

https://github.com/judge0/judge0/commit/f3b8547b3b67863e4ea0ded3adcb963add56addd

View Patch ZIP pw:eip

Various Sources x_refsource_misc

https://github.com/judge0/judge0/blob/v1.13.0/app/jobs/isolate_job.rb#L232

View Writeup ZIP pw:eip

Scores

CVSS v3 10.0

EPSS 0.0721

EPSS Percentile 93.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-59 CWE-61

Status published

Products (1)

judge0/judge0 <= 1.13.0

Published Apr 18, 2024

Tracked Since Feb 18, 2026