GHSA-mj73-5x75-9phh

Опубликовано: 24 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Singularity insecure permissions

Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.

Ссылки

Пакеты

Наименование

github.com/sylabs/singularity

Затронутые версииВерсия исправления

>= 3.3.0, <= 3.5.1

3.5.2

EPSS

Процентиль: 54%

0.00313

Низкий

7.5 High

CVSS3

CVE ID

CVE-2019-19724

Дефекты

CWE-276

Связанные уязвимости

CVE-2019-19724

CVSS3: 7.5

ubuntu

около 6 лет назад

Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.

CVE-2019-19724

CVSS3: 7.5

nvd

около 6 лет назад

CVE-2019-19724

CVSS3: 7.5

debian

около 6 лет назад

Insecure permissions (777) are set on $HOME/.singularity when it is ne ...

openSUSE-SU-2020:0057-1

suse-cvrf

около 6 лет назад

Security update for singularity

openSUSE-SU-2020:1037-1

suse-cvrf

больше 5 лет назад

Security update for singularity

EPSS

Процентиль: 54%

0.00313

Низкий

7.5 High

CVSS3

CVE ID

CVE-2019-19724

Дефекты

CWE-276