CVE-2020-25039
HIGHSylabs Singularity < 3.6.2 - Exposure to Wrong Actor
Title source: ruleDescription
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.
References (4)
Scores
CVSS v3
8.1
EPSS
0.0081
EPSS Percentile
74.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Classification
CWE
CWE-668
Status
published
Affected Products (4)
sylabs/singularity
< 3.6.2
opensuse/leap
opensuse/leap
sylabs/singularity
< 3.6.3Go
Timeline
Published
Sep 16, 2020
Tracked Since
Feb 18, 2026