CVE-2020-25039: Resource Exposure in Sylabs Singularity

Severity: 8.1 HIGH (NVD)
EPSS: 0.8% (top 25.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 16, latest update Dec 20

Description

Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 | Impact: 5.2

Affected Packages (3 packages)

Go | github.com/sylabs_singularity | 3.2.0 | 3.6.3
NVD | sylabs/singularity | 3.2.0 | 3.6.2
NVD | opensuse/leap | 15.1, 15.2 +1

🔴 Vulnerability Details (4)

GHSA: Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity (2021-12-20)
OSV: Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity (2021-12-20)
CVEList: CVE-2020-25039: Sylabs Singularity 3 (2020-09-16)
OSV: CVE-2020-25039: Sylabs Singularity 3 (2020-09-16)

📋 Vendor Advisories (1)

Debian: CVE-2020-25039: singularity-container - Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary dir... (2020)

💬 Community (4)

Bugzilla: CVE-2020-25039 singularity: Insecure Permissions on temporary directories (2020-09-24)
Bugzilla: CVE-2020-25039 singularity: Insecure Permissions on temporary directories [fedora-all] (2020-09-24)
Bugzilla: CVE-2020-25039 singularity: Insecure Permissions on temporary directories [epel-all] (2020-09-24)
Bugzilla: CVE-2020-25040 singularity: Insecure Permissions on temporary directories (2020-09-24)