CVE-2020-25039: Exposure of Resource to Wrong Sphere

December 20, 2021

Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.

References

lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00088.html
github.com/advisories/GHSA-w6v2-qchm-grj7
github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7
medium.com/sylabs
nvd.nist.gov/vuln/detail/CVE-2020-25039

Detect and mitigate CVE-2020-25039 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →