You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
See doc/triage.md for instructions on how to triage this report.
modules:
- module: github.com/sylabs/singularity
versions:
- introduced: TODO (earliest fixed "", vuln range ">= 3.3.0, <= 3.5.1")
vulnerable_at: 0.0.0-20230718133150-0ccef06bd874
packages:
- package: github.com/sylabs/singularity
summary: Singularity insecure permissions
description: |-
Insecure permissions (777) are set on `$HOME/.singularity` when it is newly
created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an
information leak, and malicious redirection of operations performed against
Sylabs cloud services.
cves:
- CVE-2019-19724
ghsas:
- GHSA-mj73-5x75-9phh
references:
- web: https://nvd.nist.gov/vuln/detail/CVE-2019-19724
- web: https://github.com/sylabs/singularity/releases/tag/v3.5.2
- web: http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html
- web: http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html
- advisory: https://github.com/advisories/GHSA-mj73-5x75-9phh
The text was updated successfully, but these errors were encountered:
In GitHub Security Advisory GHSA-mj73-5x75-9phh, there is a vulnerability in the following Go packages or modules:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: