CVE-2020-25039

HIGH

Sylabs Singularity 3.2.0-3.6.2 - Insecure Temporary Directory Permissions in Fakeroot or User Namespace

Title source: llm
STIX 2.1

Description

Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.

References (4)

Core 4
Core References
Product x_refsource_misc
https://medium.com/sylabs
Mitigation, Third Party Advisory x_refsource_misc
https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00088.html

Scores

CVSS v3 8.1
EPSS 0.0081
EPSS Percentile 74.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-668
Status published
Products (4)
opensuse/leap 15.1
opensuse/leap 15.2
sylabs/singularity 3.2.0 - 3.6.2
sylabs/singularity 3.2.0 - 3.6.3Go
Published Sep 16, 2020
Tracked Since Feb 18, 2026