Lucene search
Veracode Vulnerability DatabaseVERACODE:26767HistorySep 18, 2020 - 2:58 a.m.
Insecure Permissions
2020-09-1802:58:02
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
github
singularity
insecure permissions
unauthorized access
arbitrary code execution
software
EPSS
0.003
Percentile
71.6%
github.com/hpcng/singularity uses insecure permissions. Insecure permissions on temporary directories used in explicit and implicit container build operations allows a user with access to the system to read the contents of the image during the build. If the image contains a world-writable file or directory, it is possible for an attacker to inject arbitrary content into the running build and potentially lead to arbitrary code execution.
Related
osv
osv
Insecure permissions on build temporary rootfs in Singularity
2021-05-24 16:56:23
CVE-2020-25040
2020-09-16 18:15:13
singularity-3.8.3-1.2 on GA media
2024-06-15 00:00:00
github
github
Insecure permissions on build temporary rootfs in Singularity
2021-05-24 16:56:23
ubuntucve
ubuntucve
CVE-2020-25040
2020-09-16 00:00:00
nvd
nvd
CVE-2020-25040
2020-09-16 18:15:13
suse
suse
Security update for singularity (moderate)
2020-09-25 00:00:00
Security update for singularity (moderate)
2020-09-22 00:00:00
nessus
nessus
openSUSE Security Update : singularity (openSUSE-2020-1497)
2020-09-22 00:00:00
prion
prion
Design/Logic Flaw
2020-09-16 18:15:00
cve
cve
CVE-2020-25040
2020-09-16 18:15:13
openvas
openvas
openSUSE: Security Advisory for singularity (openSUSE-SU-2020:1497-1)
2020-09-22 00:00:00
alpinelinux
alpinelinux
CVE-2020-25040
2020-09-16 18:15:13
debiancve
debiancve
CVE-2020-25040
2020-09-16 18:15:13
cvelist
cvelist
CVE-2020-25040
2020-09-16 17:47:17