PT-2019-15928 · Sylabs+1 · Singularity+1

Publicado

2019-12-18

Atualizado

2024-06-15

CVE-2019-19724

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Singularity versions 3.3.0 through 3.5.1

Description The issue arises from insecure permissions (777) being set on $HOME/.singularity when it is newly created by Singularity. This could lead to an information leak and malicious redirection of operations performed against Sylabs cloud services.

Recommendations For Singularity versions 3.3.0 through 3.5.1, consider changing the permissions of $HOME/.singularity to a more secure setting to prevent potential information leaks and malicious activities. As a temporary workaround, restrict access to the $HOME/.singularity directory until a patch is available.

Correção

Incorrect Default Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-276

Identificadores relacionados

CVE-2019-19724

GHSA-MJ73-5X75-9PHH

OPENSUSE-SU-2020:0057-1

OPENSUSE-SU-2020:1037-1

OPENSUSE-SU-2020_0057-1

OPENSUSE-SU-2020_1037-1

OPENSUSE-SU-2024:11384-1

Produtos afetados

Singularity

Suse

PT-2019-15928 · Sylabs+1 · Singularity+1

CVE-2019-19724

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 31