CVE-2023-6395
published 2024-01-16


Priority: P2 · 62 · Severity: Critical · CVSS 3.1 base score: 9.8
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.55% (72.0th percentile)
The Mock software contains a vulnerability that lets an attacker escalate privileges and execute arbitrary code as the root user. The weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be embedded in certain configuration parameters. The Mock documentation advises treating users added to the mock group as privileged, but some build systems that invoke mock on behalf of users may inadvertently let less privileged users define configuration tags. If those tags are passed as parameters to mock at execution time, a Jinja2 template inside them is expanded without a sandbox, giving a remote, less privileged user arbitrary code execution as root on the build server.

Affected (5 ranges)

Vendor          Product                               Version range   Fixed in
fedoraproject   extra_packages_for_enterprise_linux
fedoraproject   extra_packages_for_enterprise_linux
fedoraproject   extra_packages_for_enterprise_linux
fedoraproject   fedora
fedoraproject   fedora

Detection & IOCs (extracted from sources)

  • The privilege escalation vector is unsandboxed Jinja2 template expansion of Mock configuration parameters: monitor for Jinja2 template syntax (`{{ }}`, `{% %}`) appearing in mock configuration tags or in parameters passed to mock at runtime by users who are not already trusted as root-equivalent.
  • The vulnerable code path is the `TemplatedDictionary` library that Mock uses to expand configuration values; focus detection and patching on that component.
  • The vulnerability was introduced while `TemplatedDictionary` was still part of the mock codebase (before mock 2.9-1). Audit systems running mock versions prior to 2.9-1 as the highest risk, since they carry the vulnerable code inside mock itself rather than in a separately updatable library.
  • The attack path requires a less privileged user to supply configuration tags to a build system that then invokes mock on their behalf. Audit every build-system interface that accepts user-controlled mock configuration tag input.
  • Red Hat Enterprise Linux 7, 8, and 9 do not ship the `mock` package and are not affected; RHEL 6 is listed as Not Affected as well.
  • The Mock documentation already designates mock group members as privileged users, so exploitation risk is concentrated in build systems that do not enforce that boundary and allow unprivileged users to influence mock configuration.
  • No mitigation meeting Red Hat's criteria is available; remediation is the fix in the `TemplatedDictionary` library.
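The first and fourth IOC bullets above amount to a concrete check: look for Jinja2 delimiters in any configuration tag or command-line option that a build system forwards to mock from a less privileged user. The scanner below is an added example written for this page; it is not code from the mock project or from the advisory. It assumes two input shapes: mock configuration files, which are Python assignments of the form `config_opts['key'] = 'value'`, and a mock command line in which user input can reach options such as `--config-opts=KEY=VALUE` or `--define`. It also adds the `{# #}` comment delimiter to the two the bullet names, because its presence equally proves that template expansion is being exercised. The sample configuration and command line are constructed for the example.

```python
"""Flag Jinja2 template syntax in user-supplied mock configuration input.

Added example for CVE-2023-6395 triage; not part of mock or TemplatedDictionary.
Matches are findings to review, not proof of exploitation: upstream mock
configuration files legitimately use expressions such as {{ releasever }},
so run this only over input that originates from untrusted build users.
"""
import re
import shlex
from typing import Iterable, List, NamedTuple

# Jinja2 delimiters: expression {{ }}, statement {% %}, comment {# #} (the last
# one is an assumption added here beyond the two named in the IOC list).
TEMPLATE_PATTERN = re.compile(r"\{\{.*?\}\}|\{%.*?%\}|\{#.*?#\}", re.DOTALL)

# Generic server-side template injection indicators: dunder attribute access
# (object introspection), import, or process spawning inside a template.
HIGH_RISK_PATTERN = re.compile(r"__\w+__|\bimport\b|\bpopen\b|\bsubprocess\b")


class Finding(NamedTuple):
    source: str      # "config:<lineno>" or "argv:<index>"
    construct: str   # the matched template fragment
    severity: str    # "high" if an SSTI indicator is present, else "review"
    context: str     # the full line or argument it appeared in


def classify(construct: str) -> str:
    """Rate a matched template fragment."""
    return "high" if HIGH_RISK_PATTERN.search(construct) else "review"


def scan_config_lines(lines: Iterable[str], name: str = "config") -> List[Finding]:
    """Scan mock config lines (Python assignments) for template syntax."""
    findings: List[Finding] = []
    for lineno, line in enumerate(lines, start=1):
        for m in TEMPLATE_PATTERN.finditer(line):
            frag = m.group(0)
            findings.append(Finding(f"{name}:{lineno}", frag, classify(frag), line.rstrip()))
    return findings


def scan_mock_argv(argv: Iterable[str]) -> List[Finding]:
    """Scan each argument of a mock invocation (after shell word splitting)."""
    findings: List[Finding] = []
    for idx, arg in enumerate(argv):
        for m in TEMPLATE_PATTERN.finditer(arg):
            frag = m.group(0)
            findings.append(Finding(f"argv:{idx}", frag, classify(frag), arg))
    return findings


def scan_mock_command(cmdline: str) -> List[Finding]:
    """Split a command line the way a shell would, then scan its arguments."""
    return scan_mock_argv(shlex.split(cmdline))


# Constructed sample input: a config fragment a build user might be allowed
# to submit, and a command line a build system might assemble from it.
SAMPLE_CONFIG = """\
config_opts['root'] = 'fedora-39-x86_64'
config_opts['dist'] = 'fc39'
config_opts['releasever'] = "{{ dist[2:] }}"
config_opts['macros']['%vendor'] = "{% if dist %}Custom{% endif %}"
config_opts['macros']['%packager'] = "{{ ''.__class__ }}"
""".splitlines()

SAMPLE_CMD = (
    "mock -r fedora-39-x86_64 --config-opts=releasever='{{ 39 }}' "
    "--rebuild example-1.0-1.src.rpm"
)


if __name__ == "__main__":
    for f in scan_config_lines(SAMPLE_CONFIG) + scan_mock_command(SAMPLE_CMD):
        print(f"{f.severity:6} {f.source:10} {f.construct!r:32} in: {f.context}")
```

A build system would run `scan_config_lines` over the user-submitted tags and `scan_mock_argv` over the final argv immediately before exec, rejecting any submission with a finding (or at least any `high` one) until the `TemplatedDictionary` fix is deployed; the scan is a stopgap for the boundary the mock documentation already expects operators to enforce, not a replacement for patching.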

CVSS provenance

NVD (v3.1):        9.8 CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
OSV:               9.8 CRITICAL
Red Hat (vendor):  6.7 MEDIUM