Singularity version from 3.3.0 to 3.5.1 Incorrect Default Permissions Vulnerability

Summary

Singularity version from 3.3.0 to 3.5.1 suffers from  incorrect default permissions vulnerability

Credit:

The information has been provided by Vendor

The original article can be found at:https://github.com/sylabs/singularity/releases/tag/v3.5.2


Details

Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.

 

Vulnerable Systems:

Singularity version from 3.3.0 to 3.5.1

 

CVE Information:

CVE-2019-19724

 

Disclosure Timeline:
Published Date:12/18/2019

Categories: FeaturedNews