CVE-2018-12021

Published: Jul 5, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.

Affected (1)

Products: Sylabs: Singularity

Sylabs

1 product

Singularity

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sylabs Singularity	From 2.3.0 to 2.5.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.openwall.com/lists/oss-security/2019/05/16/1

Source: cve@mitre.org

https://github.com/singularityware/singularity/releases/tag/2.5.2

Source: cve@mitre.org

Release NotesThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/05/16/1

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/singularityware/singularity/releases/tag/2.5.2

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

Timeline

No history available yet.