Medium severity6.5NVD Advisory· Published Jul 5, 2018· Updated Jun 17, 2026
CVE-2018-12021
CVE-2018-12021
Description
Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hpcng/singularityGo | >= 2.3.0, < 2.5.2 | 2.5.2 |
Affected products
3- ghsa-coords3 versionspkg:golang/github.com/hpcng/singularitypkg:rpm/opensuse/singularity&distro=openSUSE%20Tumbleweedpkg:rpm/suse/singularity&distro=SUSE%20Package%20Hub%2012%20SP3
>= 2.3.0, < 2.5.2+ 2 more
- (no CPE)range: >= 2.3.0, < 2.5.2
- (no CPE)range: < 3.8.3-1.2
- (no CPE)range: < 2.3.2-11.1
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-4x32-h296-rg6jghsaADVISORY
- github.com/singularityware/singularity/releases/tag/2.5.2nvdRelease NotesThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-12021ghsaADVISORY
- www.openwall.com/lists/oss-security/2019/05/16/1nvdWEB
News mentions
0No linked articles in our index yet.