4

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-wj7f-468m-6mv8

EPSS Score

CWE

CWE-200

Published

12/1/2023

Updated

12/1/2023

KEV Status

Technology

Rust

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-wj7f-468m-6mv8

GHSA-wj7f-468m-6mv8: Environment variables still accessible through /proc

Impact

Environment variables can be read from procfs unless a new process is started.

PoC

use birdcage::{Birdcage, Sandbox};
use std::{env, fs};

fn main() {
    Birdcage::new().lock().unwrap();

    assert_eq!(env::var_os("SECRET"), None);

    let environ = fs::read_to_string("/proc/self/environ").unwrap();
    assert!(!environ.contains("SECRET"), "ENVIRON CONTAINS SECRET:\n{environ}");
}

$  SECRET=test cargo run
thread 'main' panicked at src/main.rs:10:5:
ENVIRON CONTAINS SECRET:
 [truncated]

Possible Solutions

The simplest solution would be relying on the ptrace isolation and always spawning a new process by changing birdcage's API to create a new command. With an additional PID namespace the guarantees could be even further reinforced.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-wj7f-468m-6mv8

GHSA-wj7f-468m-6mv8:

4

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-wj7f-468m-6mv8

EPSS Score

CWE

CWE-200

Published

12/1/2023

Updated

12/1/2023

KEV Status

Technology

Rust

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
birdcage	rust	< 0.7.0	0.7.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability manifests because Birdcage's sandboxing (via lock()) doesn't spawn a new process, leaving the original process's environment variables in /proc/self/environ. The PoC shows environment variables are still readable via procfs after locking, indicating the sandboxing implementation in lock() lacks process isolation. The suggested fix to 'always spawn a new process' implies the vulnerability stems from how lock() handles process creation and environment isolation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

4

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-wj7f-468m-6mv8: Environment variables still accessible through /proc

Impact

PoC

Possible Solutions

GHSA-wj7f-468m-6mv8:

4

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

GHSA-wj7f-468m-6mv8: Environment variables still accessible through /proc

Impact

PoC

Possible Solutions

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Technical Details

4

4

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI