Lucene search
Veracode Vulnerability DatabaseVERACODE:26770HistorySep 18, 2020 - 4:52 a.m.
Insecure Permissions
2020-09-1804:52:49
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
singularity
insecure permissions
container execution
unauthorized access
image contents
code execution
EPSS
0.002
Percentile
53.2%
github.com/hpcng/singularity uses insecure permissions. The insecure permissions on temporary directories used in fakeroot and user namespace container execution allows a user with access to the system to read the contents of the image during the build. If the image contains a world-writable file or directory, it is possible for an attacker to inject arbitrary content into the running build and potentially execute arbitrary code.
References
Related
osv
osv
CVE-2020-25039
2020-09-16 18:15:13
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
2021-12-20 18:25:46
CVE-2020-25040
2020-09-16 18:15:13
cve
cve
CVE-2020-25039
2020-09-16 18:15:13
CVE-2020-25040
2020-09-16 18:15:13
debiancve
debiancve
CVE-2020-25039
2020-09-16 18:15:13
CVE-2020-25040
2020-09-16 18:15:13
alpinelinux
alpinelinux
CVE-2020-25039
2020-09-16 18:15:13
CVE-2020-25040
2020-09-16 18:15:13
cvelist
cvelist
CVE-2020-25039
2020-09-16 17:42:44
CVE-2020-25040
2020-09-16 17:47:17
github
github
prion
prion
Privilege escalation
2020-09-16 18:15:00
Design/Logic Flaw
2020-09-16 18:15:00
ubuntucve
ubuntucve
CVE-2020-25039
2020-09-16 00:00:00
CVE-2020-25040
2020-09-16 00:00:00
nvd
nvd
CVE-2020-25039
2020-09-16 18:15:13
CVE-2020-25040
2020-09-16 18:15:13
suse
suse
Security update for singularity (moderate)
2020-09-25 00:00:00
Security update for singularity (moderate)
2020-09-22 00:00:00
nessus
nessus
openSUSE Security Update : singularity (openSUSE-2020-1497)
2020-09-22 00:00:00
openvas
openvas
openSUSE: Security Advisory for singularity (openSUSE-SU-2020:1497-1)
2020-09-22 00:00:00