CVE-2023-6395
Published 2024-01-16
Priority P262 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.55% (72.0th percentile)
The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | extra_packages_for_enterprise_linux | — | — |
| fedoraproject | extra_packages_for_enterprise_linux | — | — |
| fedoraproject | extra_packages_for_enterprise_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
Detection & IOCs (extracted from sources)
- Privilege escalation vector is through unsandboxed Jinja2 template expansion in Mock configuration parameters: monitor for Jinja2 template syntax (e.g., `{{ }}`, `{% %}`) appearing in mock configuration tags or parameters passed to mock at runtime.
- The vulnerable code path resides in the `TemplatedDictionary` library used by Mock to expand configuration values: focus detection/patching efforts on this library component.
- The vulnerability was introduced when `TemplatedDictionary` was still part of the mock codebase (before mock 2.9-1); audit systems running mock versions prior to 2.9-1 as highest risk.
- Attack path involves less-privileged users supplying malicious configuration tags to build systems that invoke mock on their behalf: audit build system interfaces that allow user-controlled mock configuration tag input.
- Red Hat Enterprise Linux 7, 8, and 9 are NOT affected: those versions do not ship the `mock` package; only RHEL 6 is in scope and is listed as Not Affected as well.
- Mock documentation already designates mock group members as privileged users; exploitation risk is elevated specifically in build systems that do NOT enforce this boundary and allow unprivileged users to influence mock configuration.
- No mitigation meeting Red Hat's criteria is available; remediation is the fix in the `TemplatedDictionary` library.
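
The first detection point above, as an added example (not code from Mock, `TemplatedDictionary`, or the sources this page indexes): a pre-flight screen that a build-system front end could run on user-supplied configuration values before passing them to mock. The function names, the sample input, and the policy of rejecting any value that contains a Jinja2 opening delimiter are assumptions.

```python
import re

# Jinja2's default opening delimiters: {{ expr, {% statement, {# comment.
# Only openers are matched, because nested RPM macros such as %{?a:%{b}}
# legitimately end in "}}". Assumes Jinja2's delimiters were not customised.
_JINJA_OPENERS = re.compile(r"\{\{|\{%|\{#")


def find_template_syntax(value, path=""):
    """Return [(path, delimiter), ...] for every Jinja2 opener found in a
    string, or recursively in nested dicts/lists of strings."""
    hits = []
    if isinstance(value, str):
        hits.extend((path, m.group(0)) for m in _JINJA_OPENERS.finditer(value))
    elif isinstance(value, dict):
        for key, item in value.items():
            # Keys come from the same untrusted source, so scan them too.
            hits.extend(find_template_syntax(str(key), f"{path}.{key}<key>"))
            hits.extend(find_template_syntax(item, f"{path}.{key}"))
    elif isinstance(value, (list, tuple)):
        for i, item in enumerate(value):
            hits.extend(find_template_syntax(item, f"{path}[{i}]"))
    return hits


def screen_user_config(user_opts):
    """Split user-supplied options into (accepted, rejected-with-reasons)."""
    accepted, rejected = {}, {}
    for key, val in user_opts.items():
        hits = find_template_syntax({key: val})
        if hits:
            rejected[key] = hits
        else:
            accepted[key] = val
    return accepted, rejected


# Constructed sample input (not taken from any real build request).
SAMPLE = {
    "chroot_name": "fedora-39-x86_64",
    "description": "nightly build {{ 7 * 7 }}",
    "macros": {"%dist": ".fc39", "%vendor": "{% set x = 1 %}acme"},
    "extra_pkgs": ["gcc", "make {# note #}"],
}

if __name__ == "__main__":
    ok, bad = screen_user_config(SAMPLE)
    print("accepted:", ok)
    for key, reasons in bad.items():
        print("rejected:", key, reasons)
```

A screen like this belongs at the trust boundary of the build service and does not replace updating the `TemplatedDictionary` library.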
CVSS provenance
- nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- osv · 9.8 CRITICAL
- vendor_redhat · 6.7 MEDIUM
GHSA
Privilege escalation for users that can access mock configuration
ghsa·2024-01-16
CVE-2023-6395 [MEDIUM] CWE-20 Privilege escalation for users that can access mock configuration
OSV
CVE-2023-6395: The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary cod
osv·2024-01-16·CVSS 9.8
CVE-2023-6395 [CRITICAL] CVE-2023-6395: The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary cod
OSV
Privilege escalation for users that can access mock configuration
osv·2024-01-16
CVE-2023-6395 [MEDIUM] Privilege escalation for users that can access mock configuration
Red Hat
Mock: Privilege escalation for users that can access mock configuration
vendor_redhat·2024-01-16·CVSS 6.7
CVE-2023-6395 [MEDIUM] CWE-20 Mock: Privilege escalation for users that can access mock configuration
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://www.openwall.com/lists/oss-security/2024/01/16/1
- http://www.openwall.com/lists/oss-security/2024/01/16/3
- https://access.redhat.com/security/cve/CVE-2023-6395
- https://bugzilla.redhat.com/show_bug.cgi?id=2252206
- https://github.com/xsuchy/templated-dictionary/commit/0740bd0ca8d487301881541028977d120f8b8933
- https://github.com/xsuchy/templated-dictionary/commit/bcd90f0dafa365575c4b101e6f5d98c4ef4e4b69
- https://lists.fedoraproject.org/archives/list/[email protected]/message/62SP2BJC2AFLFJJAEHPGZ3ZINTBTI7AN/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/NBFYREAJH4T7GXXQZ4GJEREN4Q3AHS3K/