Artemis Java Test Sandbox versions before 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java code when a victim runs the supposedly sandboxed code. Because only versions before 1.7.6 are affected, deployments should run 1.7.6 or later.
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23683.json"
"2026-04-12T08:03:58Z"
[
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/ls1intum/ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392",
"digest": {
"function_hash": "91041778157091034273775672314669649084",
"length": 77.0
},
"id": "CVE-2024-23683-398a74e6",
"deprecated": false,
"target": {
"file": "src/main/java/de/tum/in/test/api/security/ArtemisSecurityManager.java",
"function": "isStackFrameNotWhitelisted"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/ls1intum/ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392",
"digest": {
"function_hash": "91041778157091034273775672314669649084",
"length": 77.0
},
"id": "CVE-2024-23683-43a963df",
"deprecated": false,
"target": {
"file": "src/main/java/de/tum/in/test/api/security/ArtemisSecurityManager.java",
"function": "isStackFrameNotWhitelisted"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/ls1intum/ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392",
"digest": {
"threshold": 0.9,
"line_hashes": [
"222205789407418788474075314404689175523",
"141164050084984609245935767226232236384",
"156343930777716367873994039976103801366",
"317059080510283267124805400641719625359",
"189578305198010978548200253552890918350",
"109430796302876757239311501404605316364",
"74352941672582042204684535201878556537",
"289195920905313920012599656317085856752",
"171946176488872699425260201964592984937",
"90588293999896277214489271403206848254",
"201049305673356382225460606575510533144",
"29081392146851609479303117710157628106",
"115273424948078918029364487614495336000",
"192573661888202677828166159895114497735"
]
},
"id": "CVE-2024-23683-7634eab7",
"deprecated": false,
"target": {
"file": "src/main/java/de/tum/in/test/api/security/ArtemisSecurityManager.java"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/ls1intum/ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392",
"digest": {
"threshold": 0.9,
"line_hashes": [
"83182084848695103237194630523254580788",
"72679568107938830421101508861884408882",
"287426575106356707455979033511220304110",
"162137659482882909441402744159934645789",
"134646402298426598656430605439642988944",
"98664696469054867791458193713579996220",
"62708531796600342465410636699972701964"
]
},
"id": "CVE-2024-23683-7ac33079",
"deprecated": false,
"target": {
"file": "src/test/java/de/tum/in/testuser/subject/SecurityPenguin.java"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/ls1intum/ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392",
"digest": {
"threshold": 0.9,
"line_hashes": [
"142768463121291939267304117535844888559",
"153270359424483563679864124219238535622",
"314394540882089252058579793378577098906",
"129063387080871711096715450436181080609",
"2338497979486980444561307968245500580",
"248797620933809427113398123824239314886",
"201228074461220207361278231978690349862"
]
},
"id": "CVE-2024-23683-8b72c3f9",
"deprecated": false,
"target": {
"file": "src/test/java/de/tum/in/test/api/SecurityTest.java"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/ls1intum/ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392",
"digest": {
"threshold": 0.9,
"line_hashes": [
"215216012792422391372707087655954272598",
"222375496661569092491691136946616624713",
"299103497640953431578263464797238838367",
"336262879651085811756256670274101006059"
]
},
"id": "CVE-2024-23683-aa228765",
"deprecated": false,
"target": {
"file": "src/main/java/de/tum/in/test/api/security/SecurityConstants.java"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/ls1intum/ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392",
"digest": {
"threshold": 0.9,
"line_hashes": [
"130181205586836982141103177590829587272",
"180049987335371414801804783008839513597",
"154122635051108541042351309584078805974"
]
},
"id": "CVE-2024-23683-b311812c",
"deprecated": false,
"target": {
"file": "src/test/java/de/tum/in/testuser/SecurityUser.java"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/ls1intum/ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392",
"digest": {
"function_hash": "154066451263533229432428421302153373787",
"length": 402.0
},
"id": "CVE-2024-23683-ea23abf5",
"deprecated": false,
"target": {
"file": "src/main/java/de/tum/in/test/api/security/ArtemisSecurityManager.java",
"function": "isCallNotWhitelisted"
}
}
]