CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11328

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.2%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

Products affected by CVE-2019-11328

Sylabs » Singularity » Version: 3.1.0

cpe:2.3:a:sylabs:singularity:3.1.0
Sylabs » Singularity » Version: 3.1.1

cpe:2.3:a:sylabs:singularity:3.1.1
Sylabs » Singularity » Version: 3.2.0

cpe:2.3:a:sylabs:singularity:3.2.0
Fedoraproject » Fedora » Version: 28

cpe:2.3:o:fedoraproject:fedora:28
Fedoraproject » Fedora » Version: 29

cpe:2.3:o:fedoraproject:fedora:29
Fedoraproject » Fedora » Version: 30

cpe:2.3:o:fedoraproject:fedora:30
Opensuse » Backports » Version: sle-15

cpe:2.3:o:opensuse:backports:sle-15
Opensuse » Leap » Version: 15.1

cpe:2.3:o:opensuse:leap:15.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11328

Products

Pricing

Contact Us