Exploit Title: Zepl Notebook - Sandbox Escape Date: 9/28/2021 Vendor Homepage: https://zepl.com/ Software Link: https://app.zepl.com/ Version: Affects all versions of the product up to the date of this submission Tested on: The issue affects all versions of the product up to the date of this submission Exploit Authors: Josh Sheppard & Pathfynder Inc Exploit Contact: ghost a t undervurse dot_com & josh a t pathfynder dot_io Exploit Technique: Remote CVE ID: CVE-2021-42952 1. Description A container escape vulnerability has been discovered in Zepl's Notebooks product. Upon launching Remote Code Execution from the Notebook (CVE-2021-42950), users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services resulting in complete compromise of cloud assets. This vulnerability effects all previous versions of their Notebook product suite. 2. Disclosure Timeline 9/28/21 - Discovery and Exploitation 9/28/21 - Vendor Notified 10/31/21 - Patch Applied 2/16/22 - CVE Assigned 2/17/22 - Public Disclosure 3. Mitigation Hotfix applied to vendors SAAS solution, no action is necessary at this time