Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.
References
| Link | Resource |
|---|---|
| http://www.openwall.com/lists/oss-security/2019/05/16/1 | |
| https://github.com/singularityware/singularity/releases/tag/2.5.2 | Release Notes Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2019/05/16/1 | |
| https://github.com/singularityware/singularity/releases/tag/2.5.2 | Release Notes Third Party Advisory |
Configurations
History
21 Nov 2024, 03:44
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.openwall.com/lists/oss-security/2019/05/16/1 - | |
| References | () https://github.com/singularityware/singularity/releases/tag/2.5.2 - Release Notes, Third Party Advisory |
Information
Published : 2018-07-05 18:29
Updated : 2024-11-21 03:44
NVD link : CVE-2018-12021
Mitre link : CVE-2018-12021
CVE.ORG link : CVE-2018-12021
JSON object : View
Products Affected
sylabs
- singularity
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor