{"id":"CVE-2019-19724","details":"Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.","aliases":["GHSA-mj73-5x75-9phh"],"modified":"2026-02-24T01:18:04.411269Z","published":"2019-12-18T21:15:13.757Z","related":["openSUSE-SU-2020:0057-1","openSUSE-SU-2020:1037-1","openSUSE-SU-2024:11384-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html"},{"type":"ADVISORY","url":"https://github.com/sylabs/singularity/releases/tag/v3.5.2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sylabs/singularity","events":[{"introduced":"a066ffcb65c2f4a8f10a16623f228e0a7c49da2b"},{"last_affected":"a137637e1caf38de10dbd18e2113b07fe1f0ba09"}]}],"versions":["v3.3.0","v3.3.0-rc.4","v3.4.0","v3.4.0-rc.1","v3.4.0-rc.2","v3.4.1","v3.4.1-rc.1","v3.4.2","v3.4.2-rc.1","v3.5.0","v3.5.0-rc.1","v3.5.0-rc.2","v3.5.1","v3.5.1-rc.1","v3.5.1-rc.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19724.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}