CVE-2019-19724

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-19724

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19724.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-19724

Aliases

GHSA-mj73-5x75-9phh

Related

Published

2019-12-18T21:15:13Z

Modified

2025-01-14T07:53:20.534724Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.

References

Affected packages

Git / github.com/sylabs/singularity

Affected ranges

Type: GIT
Repo: https://github.com/sylabs/singularity
Events: Introduced

a066ffcb65c2f4a8f10a16623f228e0a7c49da2b

Last affected

a137637e1caf38de10dbd18e2113b07fe1f0ba09

Affected versions

v3.*

v3.3.0

v3.3.0-rc.4

v3.4.0

v3.4.0-rc.1

v3.4.0-rc.2

v3.4.1

v3.4.1-rc.1

v3.4.2

v3.4.2-rc.1

v3.5.0

v3.5.0-rc.1

v3.5.0-rc.2

v3.5.1

v3.5.1-rc.1

v3.5.1-rc.2