Description
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.
References (3)
Core 3
Core References
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/sylabs/singularity/releases/tag/v3.5.2
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html
Scores
CVSS v3
7.5
EPSS
0.0123
EPSS Percentile
65.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-276
Status
published
Products (2)
sylabs/singularity
3.3.0 - 3.5.1
sylabs/singularity
3.3.0 - 3.5.2Go
Published
Dec 18, 2019
Tracked Since
Feb 18, 2026