PT-2019-15928 · Sylabs+1 · Singularity+1

Published: 2019-12-18 · Updated: 2024-06-15 · CVE-2019-19724

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Singularity versions 3.3.0 through 3.5.1

Description

The issue arises from insecure permissions (777) being set on $HOME/.singularity when it is newly created by Singularity. This could lead to an information leak and malicious redirection of operations performed against Sylabs cloud services.

Recommendations

For Singularity versions 3.3.0 through 3.5.1, consider changing the permissions of $HOME/.singularity to a more secure setting to prevent potential information leaks and malicious activities. As a temporary workaround, restrict access to the $HOME/.singularity directory until a patch is available.
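
One way to apply the workaround above and check whether the directory was modified while it was open. This is an added example, not code from Sylabs or from this advisory. The function names and the 700 target mode are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit and tighten the per-user Singularity directory.
# Assumptions: function names and the 700 target mode are this example's choices.

# Return 0 if the directory grants any permission bit to group or others.
sing_dir_is_open() {
    dir=$1
    [ -d "$dir" ] || return 1
    # -prune limits the test to the directory itself; each -perm -NNN
    # matches when that single permission bit is set.
    [ -n "$(find "$dir" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Print entries under the directory that the invoking user does not own.
# With mode 777, any local account could have created or replaced entries.
sing_foreign_entries() {
    dir=$1
    [ -d "$dir" ] || return 0
    find "$dir" ! -user "$(id -u)" -print
}

# Tighten the directory, then report anything that needs manual review.
# Returns 0 when clean or absent, 1 if chmod fails, 2 if foreign entries exist.
sing_harden() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "absent: $dir"
        return 0
    fi
    if sing_dir_is_open "$dir"; then
        echo "open to group/others, setting mode 700: $dir"
        chmod 700 "$dir" || return 1
    fi
    foreign=$(sing_foreign_entries "$dir")
    if [ -n "$foreign" ]; then
        echo "review these entries, not owned by uid $(id -u):"
        echo "$foreign"
        return 2
    fi
    echo "ok: $dir"
}

# Usage: sing_harden "$HOME/.singularity"
```

A return code of 2 means the mode was corrected but some entries belong to another account and should be inspected before the directory is trusted again.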

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2019-19724
GHSA-MJ73-5X75-9PHH
OPENSUSE-SU-2020:0057-1
OPENSUSE-SU-2020:1037-1
OPENSUSE-SU-2020_0057-1
OPENSUSE-SU-2020_1037-1
OPENSUSE-SU-2024:11384-1

Affected Products

Singularity
Suse