CVE-2019-19724
Singularity insecure permissions
CVSS 3.1: 7.5 (HIGH)
EPSS: 0.31%
Description
Insecure permissions (777) are set on `$HOME/.singularity` when it is newly created by Singularity (versions 3.3.0 through 3.5.1), which could lead to an information leak and to malicious redirection of operations performed against Sylabs cloud services.
How to fix CVE-2019-19724
To remediate CVE-2019-19724, upgrade the affected package to a fixed version below.
- upgrade to 3.5.2 or later
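The page does not say whether upgrading changes a `$HOME/.singularity` directory that already exists, so the following added example (not part of the original advisory or of Singularity itself) checks the directory mode directly and lists entries that other accounts could have placed or could modify. The function names are hypothetical, GNU `stat` and `find` on Linux are assumed, and mode 700 as the safe target is an assumption.

```shell
#!/bin/sh
# Added example (function names are hypothetical). Assumes Linux with GNU stat/find.
# Assumption: mode 700 (owner-only) is the intended safe state for the directory.

# Print the octal permission bits of a path, e.g. 777.
dir_mode() {
    stat -c '%a' "$1"
}

# Status 0: no group/other access. 1: group/other bits set. 2: directory absent.
check_singularity_dir() {
    dir="$1/.singularity"
    [ -d "$dir" ] || return 2
    case "$(dir_mode "$dir")" in
        *00) return 0 ;;   # last two octal digits are the group and other bits
        *)   return 1 ;;
    esac
}

# Restrict the directory to its owner.
fix_singularity_dir() {
    chmod 700 "$1/.singularity"
}

# Report the state for one home directory (default: $HOME) and, when exposed,
# list entries not owned by the current user or writable by group/other.
audit_singularity_dir() {
    home="${1:-$HOME}"
    rc=0
    check_singularity_dir "$home" || rc=$?
    case "$rc" in
        0) echo "OK: $home/.singularity is mode $(dir_mode "$home/.singularity")" ;;
        2) echo "SKIP: $home/.singularity does not exist" ;;
        1) echo "EXPOSED: $home/.singularity is mode $(dir_mode "$home/.singularity")"
           echo "Entries not owned by $(id -un) or writable by group/other:"
           find "$home/.singularity" \( ! -user "$(id -u)" -o -perm /022 \) -print ;;
    esac
    return "$rc"
}
```

Call `audit_singularity_dir` with no argument to check the current user, and review any listed entries before running `fix_singularity_dir "$HOME"`.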
Is CVE-2019-19724 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 3.3.0, < 3.5.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |