| Bug ID | 1159550 |
|---|---|
| Summary | VUL-0: CVE-2019-19724: singularity: Insecure permissions are set on $HOME/.singularity potentially to an information leak |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 15.1 |
| Hardware | Other |
| URL | https://smash.suse.de/issue/249524/ |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | burnus@gmx.de |
| Reporter | atoptsoglou@suse.com |
| QA Contact | security-team@suse.de |
| Found By | Security Response Team |
| Blocker | --- |
CVE-2019-19724 Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19724 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19724 https://github.com/sylabs/singularity/releases/tag/v3.5.2