You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
See doc/triage.md for instructions on how to triage this report.
modules:
- module: TODO
versions:
- introduced: 3.1.0
fixed: 3.2.0
packages:
- package: github.com/sylabs/singularity/internal/pkg/runtime/engines/singularity
description: An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious
user with local/network access to the host system (e.g. ssh) could exploit this
vulnerability due to insecure permissions allowing a user to edit files within
`/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those
files can change the behavior of the starter-suid program when instances are joined
resulting in potential privilege escalation on the host.
cves:
- CVE-2019-11328
ghsas:
- GHSA-557g-r22w-9wvx
The text was updated successfully, but these errors were encountered:
In GitHub Security Advisory GHSA-557g-r22w-9wvx, there is a vulnerability in the following Go packages or modules:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: