Judge0 Security: Open to Attackers Running Code, Gaining Root Access

TLDR:

  • Tanto Security has disclosed critical vulnerabilities in Judge0, allowing attackers to gain root access.
  • The vulnerabilities pose a significant threat to organizations using Judge0 for secure code execution.

Tanto Security recently identified critical vulnerabilities in Judge0, an open-source service widely used for secure sandboxed code execution. The vulnerabilities, tracked as CVE-2024-29021, CVE-2024-28185, and CVE-2024-28189, could enable attackers to run arbitrary code and gain root access to the host machine. Oversights in the service's default configuration, such as a weak default password, make instances vulnerable to exploitation. The cybersecurity community has urged organizations using Judge0 to review their configurations, update passwords, and apply security updates to mitigate these risks.

The vulnerabilities were detailed in a blog post by Tanto Security, which outlines the process of uncovering the flaws and demonstrates how attackers could exploit them to escalate privileges. The cybersecurity community has called for immediate action to secure Judge0 instances and prevent unauthorized access to sensitive data.
