Lucene search

Ubuntu.comUB:CVE-2020-25039

HistorySep 16, 2020 - 12:00 a.m.

CVE-2020-25039

2020-09-1600:00:00

ubuntu.com

sylabs singularity

insecure permissions

temporary directories

fakeroot

user namespace

container execution.

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.002

Percentile

53.2%

JSON

Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on
temporary directories used in fakeroot or user namespace container
execution.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970465>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchsingularity-container< anyUNKNOWN
ubuntu24.04noarchsingularity-container< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	singularity-container	< any	UNKNOWN
ubuntu	24.04	noarch	singularity-container	< any	UNKNOWN

References

github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7

launchpad.net/bugs/cve/CVE-2020-25039

medium.com/sylabs

nvd.nist.gov/vuln/detail/CVE-2020-25039

security-tracker.debian.org/tracker/CVE-2020-25039

www.cve.org/CVERecord?id=CVE-2020-25039

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.002

Percentile

53.2%

JSON

Related for UB:CVE-2020-25039