CVE-2020-13144
Published 2020-05-18
Priority P2 · 65 · high · 8.8 CVSS 3.1
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 10.96% (95.3th percentile)
Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| edx | open_edx_platform | — | — |
| imagemagick | imagemagick | >= 0 < 8:6.8.9.9-7ubuntu5.16+esm2 | 8:6.8.9.9-7ubuntu5.16+esm2 |
Detection & IOCs (extracted from sources)
- Monitor for Python os.system() or subprocess calls originating from the Open edX Studio web application process, which would indicate exploitation of the Custom Python evaluated code component.
- Alert on authenticated HTTP requests navigating the path: Create New course > New section > New subsection > New unit > Add new component > Problem button > Advanced tab > Custom Python evaluated code, as this is the specific UI path used to reach the vulnerable code execution point.
- Detect exploitation by monitoring for unexpected child processes (e.g. shell commands) spawned by the edxapp/LMS or Studio web server process, particularly when CodeJail sandboxing is absent.
- This vulnerability is only exploitable when CodeJail is NOT configured/enforced. Deployments with CodeJail properly enabled are not affected.
- Exploitation requires an authenticated user account; unauthenticated attackers cannot reach the vulnerable endpoint.
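One way to implement the child-process check from the list above, as an added example that is not part of the original entry or of Open edX. The JSON event format, the `cms.wsgi` command-line marker, the file paths and the executable allowlist are assumptions, and the sample events are constructed.

```python
import json
import os

# Assumption: Studio workers are recognisable by this command-line marker.
STUDIO_MARKER = "cms.wsgi"
# Assumption: the only executables a Studio worker legitimately runs.
# Extra Python children are not flagged here; tighten this for your deployment.
ALLOWED_EXES = {"gunicorn", "python", "python3"}

# Constructed process-creation events (hypothetical format and paths).
SAMPLE_EVENTS = """
{"pid": 900, "ppid": 1, "user": "edxapp", "exe": "/opt/example/venv/bin/gunicorn", "cmdline": "gunicorn cms.wsgi:application"}
{"pid": 901, "ppid": 900, "user": "edxapp", "exe": "/opt/example/venv/bin/python", "cmdline": "gunicorn cms.wsgi:application"}
{"pid": 1200, "ppid": 901, "user": "edxapp", "exe": "/bin/sh", "cmdline": "sh -c id"}
{"pid": 1201, "ppid": 1200, "user": "edxapp", "exe": "/usr/bin/id", "cmdline": "id"}
{"pid": 1300, "ppid": 1, "user": "root", "exe": "/bin/sh", "cmdline": "sh -c logrotate /etc/logrotate.conf"}
{"pid": 1400, "ppid": 950, "user": "edxapp", "exe": "/bin/sh", "cmdline": "sh -c uname -a"}
"""

def studio_ancestor(event, by_pid):
    """Return the nearest ancestor that is a Studio worker, or None."""
    seen = set()  # guards against loops caused by PID reuse in the log
    parent = by_pid.get(event["ppid"])
    while parent is not None and parent["pid"] not in seen:
        if STUDIO_MARKER in parent["cmdline"]:
            return parent
        seen.add(parent["pid"])
        parent = by_pid.get(parent["ppid"])
    return None  # parent chain ended or was never logged

def find_suspicious_children(raw_events):
    """Flag non-allowlisted processes that descend from a Studio worker."""
    events = [json.loads(line) for line in raw_events.splitlines() if line.strip()]
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for event in events:
        if os.path.basename(event["exe"]) in ALLOWED_EXES:
            continue
        ancestor = studio_ancestor(event, by_pid)
        if ancestor is not None:
            alerts.append({"pid": event["pid"], "cmdline": event["cmdline"],
                           "studio_pid": ancestor["pid"]})
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_children(SAMPLE_EVENTS):
        print(alert)
```

The shell owned by root and the shell whose parent was never logged are not attributed to Studio; only the shell under the Studio worker and its own child are reported.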
CVSS provenance
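| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | — | 6.5 | MEDIUM | — |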
GHSA
GHSA-hc63-fv38-p9mv: Studio in Open edX Ironwood 2
ghsa_unreviewed · 2022-05-24
CVE-2020-13144 [MEDIUM] CWE-20
OSV
imagemagick vulnerabilities
osv · 2022-03-18 · CVSS 6.5
CVE-2020-19667
It was discovered that ImageMagick incorrectly handled certain values
when processing XPM image data or large images. If a user or automated
system using ImageMagick were tricked into opening a specially crafted
image, an attacker could exploit this to cause a denial of service or
possibly execute code with the privileges of the user invoking the program.
(CVE-2020-19667, CVE-2017-13144)
Suhwan Song discovered that ImageMagick incorrectly handled memory
when processing PNG, PALM, MIFF image data. If a user or automated system
using ImageMagick were tricked into opening a specially crafted image,
an attacker could exploit this to cause a denial of service or possibly
execute code with the privileges of the user invoking the program.
(CVE-2020-25664, CVE-2020-2566
References
- http://packetstormsecurity.com/files/157785/OpenEDX-Ironwood-2.5-Remote-Code-Execution.html
- https://edx.readthedocs.io/projects/edx-developer-guide/en/latest/architecture.html
- https://stark0de.com/2020/05/17/openedx-vulnerabilities.html
Published: 2020-05-18