Описание
The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.
Отчет
The identified vulnerability in the Mock software represents a moderate threat from a technical standpoint. The risk lies in the potential for an attacker to exploit privilege escalation, gaining the ability to execute arbitrary code with root user privileges. This vulnerability arises due to the absence of proper sandboxing during the expansion and execution of Jinja2 templates in specific configuration parameters. While the Mock documentation advises treating certain users as privileged, the risk is amplified by certain build systems inadvertently allowing less privileged users to define configuration tags. These tags can be passed as parameters to Mock during execution, creating a pathway for remote privilege escalation and the execution of arbitrary code on the build server. The moderate classification is attributed to the specific conditions required for exploitation and the potential impact on system integrity.
The fix for this issue is located at the TemplatedDictionary' library, which mock heavily relies on to expand configuration values. This library was part of mockbefore but it was stripped to a separated code base in mock 2.9-1, while the vulnerability itself was introduced whileTemplatedDictionarywas part of mock code base in mock 1.4. Red Hat Enterprise Linux 7, 8 and 9 are not affected by this vulnerability as those versions doesn't ship themock` package.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | mock | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.7 Medium
CVSS3
Связанные уязвимости
The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.
The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.
The Mock software contains a vulnerability wherein an attacker could p ...
Privilege escalation for users that can access mock configuration
Уязвимость менеджера среды сборки chroot для создания RPM-пакетов Mock, связанная с недостаточной проверкой входных данных, позволяющая нарушителю выполнить произвольный код
EPSS
6.7 Medium
CVSS3