CVE-2020-25040: Exposure of Resource to Wrong Sphere

May 24, 2021 (updated August 2, 2021)

Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.

References

lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00088.html
github.com/advisories/GHSA-jv9c-w74q-6762
github.com/hpcng/singularity/security/advisories/GHSA-jv9c-w74q-6762
medium.com/sylabs
nvd.nist.gov/vuln/detail/CVE-2020-25040

Detect and mitigate CVE-2020-25040 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →