CVE-2023-1521

CVE-2023-1521: Local Privilege Escalation in sccache

Vendor Mozilla
Product sccache
Weakness CWE-426
Published November 26, 2024
Last update November 26, 2024

CVSS base score

What the vulnerability does

01Description

On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache ), this means a user running the sccache client can get root privileges.

Key dates

02Disclosure timeline

November 26, 2024 CVE published
November 26, 2024 Record updated