PT-2018-10947 · Sylabs+2 · Singularity+2

Godloved

Publicado

2018-07-05

Atualizado

2024-06-15

CVE-2018-12021

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Singularity versions 2.3.0 through 2.5.1

Description The issue is related to incorrect access control on systems that support the overlay file system. A malicious user can exploit specific Singularity features to access sensitive information when the overlay option is used.

Recommendations For versions 2.3.0 through 2.5.1, consider disabling the overlay file system option as a temporary workaround until a patch is available. Restrict access to sensitive information and Singularity features that can be exploited to minimize the risk of unauthorized access.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2018-12021

GHSA-4X32-H296-RG6J

OPENSUSE-SU-2018:1969-1

OPENSUSE-SU-2018_3316-1

OPENSUSE-SU-2019:0095-1

OPENSUSE-SU-2024:11384-1

USN-4840-1

Produtos afetados

Singularity

Suse

Ubuntu

PT-2018-10947 · Sylabs+2 · Singularity+2

CVE-2018-12021

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 31