VDB
CVE-2019-19724
CVE-2019-19724
PUBLISHED
Reported by mitre · Published December 18, 2019
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| alpine | singularity | 0, 0, 0 |
| n/a | n/a | *, n/a |
| github.com | sylabs/singularity | v3.3.0, v3.3.0 |
Timeline
- Dec 18, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- x_refsource_CONFIRM
- openSUSE-SU-2020:0057 vendor-advisoryx_refsource_SUSE
- openSUSE-SU-2020:1037 vendor-advisoryx_refsource_SUSE
- https://nvd.nist.gov/vuln/detail/CVE-2019-19724 advisory
- https://github.com/advisories/GHSA-mj73-5x75-9phh advisory