Insecure Permissions on Newly Created Singularity Directory: Potential Information Leak and Malicious Redirection

Insecure Permissions on Newly Created Singularity Directory: Potential Information Leak and Malicious Redirection

CVE-2019-19724 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.

Learn more about our Cloud Audit.