Vulnerability Details : CVE-2023-6395
Potential exploit
Mock contains a privilege escalation vulnerability that an attacker could potentially exploit to execute arbitrary code with root user privileges. The weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems that invoke mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, allowing Jinja2 templates to be used for remote privilege escalation and the execution of arbitrary code as the root user on the build server.
Vulnerability category: Gain privilege
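For build systems that forward user-defined values to mock, as the description above outlines, a pre-flight check can refuse any value that carries Jinja2 template syntax. The following is an added example, not code from Mock or from this advisory; the option names and the function names are hypothetical, and it assumes Jinja2's default delimiters are in use.

```python
import re

# Jinja2's default delimiters: {{ expr }}, {% statement %}, {# comment #}.
# Assumption: the delimiters have not been reconfigured by the build system.
_TEMPLATE_MARKER = re.compile(r"\{\{|\{%|\{#")


def find_template_markers(value, path="options"):
    """Return the path of every key or string value containing Jinja2 syntax.

    Walks nested dicts, lists and tuples, because user-supplied options may
    be nested. Non-string scalars cannot carry a template and are skipped.
    """
    hits = []
    if isinstance(value, str):
        if _TEMPLATE_MARKER.search(value):
            hits.append(path)
    elif isinstance(value, dict):
        for key, item in value.items():
            child = f"{path}[{key!r}]"
            if isinstance(key, str) and _TEMPLATE_MARKER.search(key):
                hits.append(child + " (key)")
            hits.extend(find_template_markers(item, child))
    elif isinstance(value, (list, tuple)):
        for index, item in enumerate(value):
            hits.extend(find_template_markers(item, f"{path}[{index}]"))
    return hits


def accept_user_options(options):
    """Return the options unchanged, or raise ValueError naming each offender."""
    hits = find_template_markers(options)
    if hits:
        raise ValueError("template syntax in user-supplied options: " + ", ".join(hits))
    return options


# Constructed sample input; the option names are hypothetical, not Mock's own.
SAMPLE_OPTIONS = {
    "release_tag": "f39-build",
    "extra_repos": ["https://repo.example/f39/", "{{ 7 * 7 }}"],
    "macros": {"%dist": ".fc39", "%vendor": "{% if x %}a{% endif %}"},
}

if __name__ == "__main__":
    print(find_template_markers(SAMPLE_OPTIONS))
```

This check is defence in depth for the calling build system; it complements the sandboxed Jinja2 environment fix listed in the references and does not replace it.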
Products affected by CVE-2023-6395
- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:rpm-software-management:mock:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6395
- EPSS score: 0.75% (probability of exploitation activity in the next 30 days)
- Percentile: ~81% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-6395
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | 2024-01-25 |
6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 | Red Hat, Inc. | 2024-01-16 |
6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | N/A | N/A | RedHat-CVE-2023-6395 | 2024-01-16 |
CWE ids for CVE-2023-6395
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: secalert@redhat.com (Secondary)
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2023-6395
- https://access.redhat.com/security/cve/CVE-2023-6395
  CVE-2023-6395 - Red Hat Customer Portal (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SP2BJC2AFLFJJAEHPGZ3ZINTBTI7AN/
  [SECURITY] Fedora 38 Update: python-templated-dictionary-1.4-1.fc38 - package-announce - Fedora Mailing-Lists
- https://github.com/xsuchy/templated-dictionary/commit/bcd90f0dafa365575c4b101e6f5d98c4ef4e4b69
  Use a sandboxed jinja2 environment · xsuchy/templated-dictionary@bcd90f0 · GitHub (Patch)
- https://github.com/xsuchy/templated-dictionary/commit/0740bd0ca8d487301881541028977d120f8b8933
  Make the TemplatedDictionary objects picklable · xsuchy/templated-dictionary@0740bd0 · GitHub (Patch)
- http://www.openwall.com/lists/oss-security/2024/01/16/1
  oss-security - CVE-2023-6395 Mock: Privilege escalation for users that can access mock configuration (Mailing List; Patch; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBFYREAJH4T7GXXQZ4GJEREN4Q3AHS3K/
  [SECURITY] Fedora 39 Update: python-templated-dictionary-1.4-1.fc39 - package-announce - Fedora Mailing-Lists
- http://www.openwall.com/lists/oss-security/2024/01/16/3
  oss-security - Mock, Snap, LXC expose(d) chroot, container trees with unsafe permissions and contents to host users, pose risk to host (Exploit; Mailing List; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2252206
  2252206 – (CVE-2023-6395) CVE-2023-6395 Mock: Privilege escalation for users that can access mock configuration (Issue Tracking; Third Party Advisory)