Mock: privilege escalation for users that can access mock configuration
CVE-2023-6395

9.8 CRITICAL

Key Information:

Vendor: Red Hat
CVE Published: 16 January 2024

Summary

The Mock software is vulnerable to privilege escalation attacks due to insufficient sandboxing mechanisms during the expansion and execution of Jinja2 templates. This vulnerability allows less privileged users, who may inadvertently gain control over configuration parameters, to execute arbitrary code with root privileges on the build server. The implications of this vulnerability are serious, as attackers could exploit improper settings to bypass security measures, leading to systemic risks within affected build environments. As documented in the relevant sources, users added to the mock group are treated as privileged, but the execution context can lead to unintended vulnerabilities when integrating external templates.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Sankin Nikita Alexeevich for reporting this issue.