HIGH 7.5 Go
Singularity insecure permissions
GHSA-mj73-5x75-9phh · CVE-2019-19724
Published · Modified
Description
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-19724
- WEB https://github.com/sylabs/singularity/commit/2cda4981812c29f0fb11d3ea6aaf6139f665a631
- PACKAGE https://github.com/sylabs/singularity
- WEB https://github.com/sylabs/singularity/releases/tag/v3.5.2
- WEB http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html
- WEB http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html
Ready to move
Start Securing
Free, no credit card | First findings in minutes