Lucene search
GoogleOSV:GHSA-MJ73-5X75-9PHHHistoryMay 24, 2022 - 5:04 p.m.
Singularity insecure permissions
2022-05-2417:04:02
Google
osv.dev
4
0.003 Low
EPSS
Percentile
69.8%
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/sylabs/singularity | lt | 3.5.2 | |
| github.com/sylabs/singularity | ge | 3.3.0 |
References
lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html
lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html
github.com/sylabs/singularity
github.com/sylabs/singularity/commit/2cda4981812c29f0fb11d3ea6aaf6139f665a631
github.com/sylabs/singularity/releases/tag/v3.5.2
nvd.nist.gov/vuln/detail/CVE-2019-19724
Related
veracode
veracode
Insecure Permission
2019-12-19 02:48:16
suse
suse
Security update for singularity (moderate)
2020-01-14 00:00:00
Security update for singularity (important)
2020-07-23 00:00:00
cvelist
cvelist
CVE-2019-19724
2019-12-18 20:52:24
nessus
nessus
openSUSE Security Update : singularity (openSUSE-2020-57)
2020-01-15 00:00:00
openSUSE Security Update : singularity (openSUSE-2020-1037)
2020-07-27 00:00:00
openvas
openvas
openSUSE: Security Advisory for singularity (openSUSE-SU-2020:0057_1)
2020-01-27 00:00:00
openSUSE: Security Advisory for singularity (openSUSE-SU-2020:1037-1)
2020-07-24 00:00:00
debiancve
debiancve
CVE-2019-19724
2019-12-18 21:15:13
prion
prion
Information disclosure
2019-12-18 21:15:00
nvd
nvd
CVE-2019-19724
2019-12-18 21:15:13
cve
cve
CVE-2019-19724
2019-12-18 21:15:13
alpinelinux
alpinelinux
CVE-2019-19724
2019-12-18 21:15:13
osv
osv
CVE-2019-19724
2019-12-18 21:15:13
github
github
Singularity insecure permissions
2022-05-24 17:04:02
ubuntucve
ubuntucve
CVE-2019-19724
2019-12-18 00:00:00