Candidate: CVE-2019-19724
PublicDate: 2019-12-18 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19724
 https://github.com/sylabs/singularity/commit/2cda4981812c29f0fb11d3ea6aaf6139f665a631
 https://github.com/sylabs/singularity/releases/tag/v3.5.2
Description:
 Insecure permissions (777) are set on $HOME/.singularity when it is newly
 created by Singularity (version from 3.3.0 to 3.5.1), which could lead to
 an information leak, and malicious redirection of operations performed
 against Sylabs cloud services.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_singularity-container:
 upstream: https://github.com/sylabs/singularity/commit/2cda4981812c29f0fb11d3ea6aaf6139f665a631
upstream_singularity-container: released (3.5.2+ds1-1)
precise/esm_singularity-container: DNE
trusty_singularity-container: ignored (out of standard support)
trusty/esm_singularity-container: DNE
xenial_singularity-container: DNE
bionic_singularity-container: not-affected (code not present)
disco_singularity-container: not-affected (code not present)
eoan_singularity-container: not-affected (code not present)
devel_singularity-container: not-affected (code not present)