CVE-2019-19724 — Vulnetix

Try Vulnetix Request Demo

CVE-2019-19724 PUBLISHED

Reported by mitre · Published December 18, 2019

Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	n/a, n/a
github.com	sylabs/singularity	v3.3.0, v3.3.0

Timeline

Dec 18, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score

References

x_refsource_CONFIRM
openSUSE-SU-2020:0057 vendor-advisoryx_refsource_SUSE
openSUSE-SU-2020:1037 vendor-advisoryx_refsource_SUSE
https://nvd.nist.gov/vuln/detail/CVE-2019-19724 advisory
https://github.com/advisories/GHSA-mj73-5x75-9phh advisory

Open in Interactive Console →