CVE-2019-19724

Published: Dec 18, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.

Affected (1)

Products: Sylabs: Singularity

Sylabs

1 product

Singularity

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sylabs Singularity	From 3.3.0 to 3.5.1

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (6)

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html

Source: cve@mitre.org

https://github.com/sylabs/singularity/releases/tag/v3.5.2

Source: cve@mitre.org

Release NotesThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/sylabs/singularity/releases/tag/v3.5.2

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

Timeline

No history available yet.