Miggo Logo
Miggo Vulnerability Database
CVE-2023-1521

CVE-2023-1521: sccache vulnerable to privilege escalation if server is run as root

8.4

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-1521
GHSA ID
GHSA-x7fr-pg8f-93f5
EPSS Score
0.51302%
CWE
CWE-426
Published
5/30/2023
Updated
1/26/2025
KEV Status
No
Technology
TechnologyRust

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
sccacherust< 0.4.00.4.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from the client sending its environment variables (including LD_PRELOAD) to the server during compilation requests. The code in src/commands.rs lines 371-376 explicitly includes env_vars in the Compile request struct. A FIXME comment in src/cmdline.rs:279 acknowledges the risk of not sanitizing LD_PRELOAD. The server's execution environment inherits these variables, enabling privilege escalation when running as root. The function responsible for constructing and sending these tainted environment variables is the root cause.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t On Linux t** `s******` *li*nt **n *x**ut* *r*itr*ry *o** wit* t** privil***s o* * lo**l `s******` s*rv*r, *y pr*lo**in* t** *o** in * s**r** li*r*ry p*ss** to `L*_PR*LO**`. I* t** s*rv*r is run *s root (w*i** is t** ****ult w**n inst*lli

Reasoning

T** vuln*r**ility st*ms *rom t** *li*nt s*n*in* its *nvironm*nt v*ri**l*s (in*lu*in* L*_PR*LO**) to t** s*rv*r *urin* *ompil*tion r*qu*sts. T** *o** in sr*/*omm*n*s.rs lin*s ***-*** *xpli*itly in*lu**s *nv_v*rs in t** *ompil* r*qu*st stru*t. * *IXM*