PT-2018-10947 · Sylabs+2 · Singularity+2

Godloved

Published

2018-07-05

Updated

2024-06-15

CVE-2018-12021

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Singularity versions 2.3.0 through 2.5.1

Description The issue is related to incorrect access control on systems that support the overlay file system. A malicious user can exploit specific Singularity features to access sensitive information when the overlay option is used.

Recommendations For versions 2.3.0 through 2.5.1, consider disabling the overlay file system option as a temporary workaround until a patch is available. Restrict access to sensitive information and Singularity features that can be exploited to minimize the risk of unauthorized access.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-12021

GHSA-4X32-H296-RG6J

OPENSUSE-SU-2018:1969-1

OPENSUSE-SU-2018_3316-1

OPENSUSE-SU-2019:0095-1

OPENSUSE-SU-2024:11384-1

USN-4840-1

Affected Products

Singularity

Suse

Ubuntu

PT-2018-10947 · Sylabs+2 · Singularity+2

CVE-2018-12021

Weakness Enumeration

Related Identifiers

Affected Products

References · 31