Home > Vulnerability Database > CVE-2019-19724

Mend.io Vulnerability Database

CVE-2019-19724

Good to know:

Date: December 18, 2019

Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.

Language: Go

Severity Score

7.5

Related Resources (7)

Url: http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html

Url: https://github.com/sylabs/singularity/commit/2cda4981812c29f0fb11d3ea6aaf6139f665a631

Url: https://github.com/sylabs/singularity

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-19724

Url: http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html

Url: https://github.com/sylabs/singularity/releases/tag/v3.5.2

Url: https://www.mend.io/vulnerability-database/CVE-2019-19724

Severity Score

7.5

Weakness Type (CWE)

Incorrect Default Permissions

CWE-276

Top Fix

Upgrade Version

Upgrade to version v3.5.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-19724

Good to know:

Date: December 18, 2019

Language: Go

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?