CVE-2022-23538

Name of the Vulnerable Software and Affected Versions scs-library-client versions prior to 1.3.4 and 1.4.2

Description The HTTP Authorization header sent by the scs-library-client to the library service may be incorrectly leaked to an S3 backing storage provider when pulling a container image with authentication. This occurs in a specific flow where the library service redirects the client to a backing S3 storage server for a multi-part concurrent download. An attacker with access to the S3 service may be able to extract user credentials, allowing them to impersonate the user. The vulnerable flow is only used when communicating with a Singularity Enterprise 1.x installation or a third-party server implementing this flow.

Recommendations Update to scs-library-client version 1.3.4 or 1.4.2 to fix the security issue. For users interacting with a Singularity Enterprise 1.x installation using a 3rd party S3 storage service, revoke and recreate authentication tokens within Singularity Enterprise. As a temporary measure, consider avoiding the use of the multi-part concurrent download flow with redirect to S3 until the issue is resolved.