GHSA-7j98-74jh-cjxh

Suggest an improvement
Source
https://github.com/advisories/GHSA-7j98-74jh-cjxh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-7j98-74jh-cjxh/GHSA-7j98-74jh-cjxh.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-7j98-74jh-cjxh
Aliases
Published
2024-01-16T15:30:28Z
Modified
2024-10-25T22:22:00.933705Z
Severity
  • 6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Privilege escalation for users that can access mock configuration
Details

The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.

Database specific
{
    "nvd_published_at": "2024-01-16T15:15:08Z",
    "cwe_ids": [
        "CWE-20",
        "CWE-94"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-25T21:13:03Z"
}
References

Affected packages

PyPI / templated-dictionary

Package

Name
templated-dictionary
View open source insights on deps.dev
Purl
pkg:pypi/templated-dictionary

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.1

Affected versions

1.*

1.0
1.1
1.2