CVE-2018-12021

Aliases:GHSA-4x32-h296-rg6j

Advisory lineage Upstream: 0 Downstream: 5

Downstream

OPENSUSE-SU-2018:1969-1 OPENSUSE-SU-2019:0095-1 OPENSUSE-SU-2024:11384-1 UBUNTU-CVE-2018-12021 USN-4840-1

Modified

Published: 05 Jul 2018, 18:00

Last modified:05 Aug 2024, 08:24

Vulnerability Summary

Overall Risk (default)

medium

27/100

CVSS Score

6.8 MEDIUM

v2.0 (nvd)

EPSS Score

0.43% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

05 Jul 2018, 18:00

Published

Vulnerability first disclosed

05 Aug 2024, 08:24

Last Modified

Vulnerability information updated

Description

Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.

CVSS Metrics

v3.0•MEDIUM•Score: 6.5CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
v2.0•MEDIUM•Score: 6.8AV:N/AC:L/Au:S/C:C/I:N/A:N

EPSS Trends

Current EPSS score: 0.43%• Percentile: 63%

Techniques & Countermeasures

CWE-200•Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

github.com/hpcng•singularity
≥ 2.3.0, < 2.5.2
sylabs•singularity
≥ 2.3.0, ≤ 2.5.1