Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/sylabs/singularity(Go) | 3.3.0 | 3.5.2 | N/A |
CVSS Metrics
