Insecure permissions (777) are set on $HOME/.singularity
when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/sylabs/singularity | lt | 3.5.2 | |
github.com/sylabs/singularity | ge | 3.3.0 |
lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html
lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html
github.com/sylabs/singularity
github.com/sylabs/singularity/commit/2cda4981812c29f0fb11d3ea6aaf6139f665a631
github.com/sylabs/singularity/releases/tag/v3.5.2
nvd.nist.gov/vuln/detail/CVE-2019-19724