Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS03ajk4LTc0amgtY2p4aM4AA4ef

Privilege escalation for users that can access mock configuration

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.

Permalink: https://github.com/advisories/GHSA-7j98-74jh-cjxh
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ajk4LTc0amgtY2p4aM4AA4ef
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 4 months ago
Updated: 3 months ago

CVSS Score: 6.7
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-7j98-74jh-cjxh, CVE-2023-6395
References:

Repository: https://github.com/xsuchy/templated-dictionary
Blast Radius: 7.5

Affected Packages

pypi:templated_dictionary

Dependent packages: 0
Dependent repositories: 13
Downloads: 506 last month
Affected Version Ranges: < 1.4.1
Fixed in: 1.4.1
All affected versions:
All unaffected versions: