Sylabs: >> Singularity Security Vulnerabilities
Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-07-14
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-12-18
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.
CVSS Score
8.8
EPSS Score
0.009
Published
2019-05-14
Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-12-17
Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-07-05
Page 2