Bug 2252206 (CVE-2023-6395) - CVE-2023-6395 Mock: Privilege escalation for users that can access mock configuration
Status: NEW
Alias: CVE-2023-6395
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
Depends On: 2258607 2258608
Blocks: 2252205
Reported: 2023-11-30 05:36 UTC by Marco Benatto
Modified: 2024-04-17 10:34 UTC

Fixed In Version: templated_dictionary 1.4.1
Description Marco Benatto 2023-11-30 05:36:36 UTC
There is a flaw in the Mock software where an attacker may achieve privilege escalation and execute arbitrary code as the root user. This is due to the lack of sandboxing when expanding and executing Jinja2 templates that may be included in some configuration parameters.
Mock documentation recommends that users added to the mock group on a system be treated as privileged users. However, some build systems that invoke mock on behalf of users may unintentionally allow less privileged users to define configuration tags that will be passed to mock as parameters when run. Configuration tags that allow Jinja2 templates could be used to achieve remote privilege escalation and run arbitrary code as root on the build server.
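
The difference sandboxing makes when configuration values are expanded as Jinja2 templates, as an added example that is not part of the bug report and is not Mock's or templated_dictionary's own code. The `expand` helper and the sample configuration (including the `user_tag` key) are constructed for illustration; `SandboxedEnvironment`, `StrictUndefined` and `SecurityError` are Jinja2's own names.

```python
from jinja2 import Environment, StrictUndefined
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# Constructed sample: two ordinary values and one that reaches into Python
# object internals, standing in for a tag supplied by a less privileged user.
SAMPLE_CONFIG = {
    "root": "fedora-39-x86_64",
    "basedir": "/var/lib/mock/{{ root }}",
    "user_tag": "{{ root.__class__.__name__ }}",
}


def expand(config, sandboxed=True):
    """Render every string value as a Jinja2 template against the config.

    Returns (expanded, rejected): expanded maps key -> rendered text and
    rejected maps key -> reason for values the sandbox refused to render.
    """
    env_cls = SandboxedEnvironment if sandboxed else Environment
    # StrictUndefined makes a blocked attribute fail loudly at render time
    # instead of silently rendering as an empty string.
    env = env_cls(undefined=StrictUndefined)
    expanded, rejected = {}, {}
    for key, value in config.items():
        if not isinstance(value, str):
            expanded[key] = value
            continue
        try:
            expanded[key] = env.from_string(value).render(config)
        except SecurityError as exc:
            rejected[key] = str(exc)
    return expanded, rejected


if __name__ == "__main__":
    for mode in (False, True):
        print("sandboxed" if mode else "unsandboxed", expand(SAMPLE_CONFIG, sandboxed=mode))
```

A rejected key is a useful signal for a build service to log, since legitimate configuration values have no reason to touch underscore-prefixed attributes.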

Comment 5 Marco Benatto 2024-01-16 13:53:13 UTC
Created mock tracking bugs for this issue:

Affects: epel-all [bug 2258608]
Affects: fedora-all [bug 2258607]

