CVE-2019-19724

Опубликовано: 18 дек. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html
https://github.com/sylabs/singularity/releases/tag/v3.5.2
Release Notes
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html
https://github.com/sylabs/singularity/releases/tag/v3.5.2
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sylabs:singularity:*:*:*:*:*:*:*:*

Версия от 3.3.0 (включая) до 3.5.1 (включая)

EPSS

Процентиль: 54%

0.00313

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-276

Связанные уязвимости

CVE-2019-19724

CVSS3: 7.5

ubuntu

около 6 лет назад

CVE-2019-19724

CVSS3: 7.5

debian

около 6 лет назад

Insecure permissions (777) are set on $HOME/.singularity when it is ne ...

openSUSE-SU-2020:0057-1

suse-cvrf

около 6 лет назад

Security update for singularity

GHSA-mj73-5x75-9phh

CVSS3: 7.5

github

больше 3 лет назад

Singularity insecure permissions

openSUSE-SU-2020:1037-1

suse-cvrf

больше 5 лет назад

Security update for singularity

EPSS

Процентиль: 54%

0.00313

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-276