High severityNVD Advisory· Published Sep 16, 2020· Updated Aug 4, 2024
CVE-2020-25039
CVE-2020-25039
Description
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/sylabs/singularityGo | >= 3.2.0, < 3.6.3 | 3.6.3 |
Affected products
6- Sylabs/Singularitydescription
- ghsa-coords5 versionspkg:golang/github.com/sylabs/singularitypkg:rpm/opensuse/singularity&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/singularity&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/singularity&distro=openSUSE%20Tumbleweedpkg:rpm/suse/singularity&distro=SUSE%20Package%20Hub%2015%20SP2
>= 3.2.0, < 3.6.3+ 4 more
- (no CPE)range: >= 3.2.0, < 3.6.3
- (no CPE)range: < 3.6.3-lp152.2.6.1
- (no CPE)range: < 3.6.3-lp152.2.6.1
- (no CPE)range: < 3.8.3-1.2
- (no CPE)range: < 3.6.3-bp152.2.8.1
Patches
Vulnerability mechanics
References
6- lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.htmlghsavendor-advisoryx_refsource_SUSEWEB
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00088.htmlghsavendor-advisoryx_refsource_SUSEWEB
- github.com/advisories/GHSA-w6v2-qchm-grj7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-25039ghsaADVISORY
- github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7ghsax_refsource_MISCWEB
- medium.com/sylabsghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.