High severityNVD Advisory· Published Sep 16, 2020· Updated Aug 4, 2024
CVE-2020-25040
CVE-2020-25040
Description
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/sylabs/singularityGo | < 3.6.3 | 3.6.3 |
Affected products
6- Sylabs/Singularitydescription
- ghsa-coords5 versionspkg:golang/github.com/sylabs/singularitypkg:rpm/opensuse/singularity&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/singularity&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/singularity&distro=openSUSE%20Tumbleweedpkg:rpm/suse/singularity&distro=SUSE%20Package%20Hub%2015%20SP2
< 3.6.3+ 4 more
- (no CPE)range: < 3.6.3
- (no CPE)range: < 3.6.3-lp152.2.6.1
- (no CPE)range: < 3.6.3-lp152.2.6.1
- (no CPE)range: < 3.8.3-1.2
- (no CPE)range: < 3.6.3-bp152.2.8.1
Patches
Vulnerability mechanics
References
6- lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.htmlghsavendor-advisoryx_refsource_SUSEWEB
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00088.htmlghsavendor-advisoryx_refsource_SUSEWEB
- github.com/advisories/GHSA-jv9c-w74q-6762ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-25040ghsaADVISORY
- github.com/hpcng/singularity/security/advisories/GHSA-jv9c-w74q-6762ghsax_refsource_MISCWEB
- medium.com/sylabsghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.