CVE-2019-19724 – github.com/sylabs/singularity

Package

Manager: go
Name: github.com/sylabs/singularity
Vulnerable Version: >=3.3.0 <3.5.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00313 pctl0.53903

Details

Singularity insecure permissions Insecure permissions (777) are set on `$HOME/.singularity` when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.

Metadata

Created: 2022-05-24T17:04:02Z
Modified: 2023-09-26T20:03:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mj73-5x75-9phh/GHSA-mj73-5x75-9phh.json
CWE IDs: ["CWE-276"]
Alternative ID: GHSA-mj73-5x75-9phh
Finding: F056
Auto approve: 1