CVE-2019-19724
HIGH7.5EPSS 0.31%Singularity insecure permissions
Published: 5/24/2022Modified: 11/8/2023
Description
Insecure permissions (777) are set on `$HOME/.singularity` when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.
Affected packages (1)
- Go/github.com/sylabs/singularity>= 3.3.0, < 3.5.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-19724
- PATCHhttps://github.com/sylabs/singularity
- WEBhttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html
- WEBhttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html
- WEBhttps://github.com/sylabs/singularity/commit/2cda4981812c29f0fb11d3ea6aaf6139f665a631
- WEBhttps://github.com/sylabs/singularity/releases/tag/v3.5.2