CVE-2019-11328

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sylabs:singularity:*:*:*:*:*:*:*:*
cpe:2.3:a:sylabs:singularity:3.2.0:-:*:*:*:*:*:*
cpe:2.3:a:sylabs:singularity:3.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:sylabs:singularity:3.2.0:rc2:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*
cpe:2.3:o:opensuse:backports:sle-15:-:*:*:*:*:*:*

Information

Published : 2019-05-14 14:29

Updated : 2023-02-28 07:15


NVD link : CVE-2019-11328

Mitre link : CVE-2019-11328


JSON object : View

CWE
CWE-732

Incorrect Permission Assignment for Critical Resource

Advertisement

dedicated server usa

Products Affected

sylabs

  • singularity

opensuse

  • backports
  • leap

fedoraproject

  • fedora