Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25039
Reference (s):
- https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7
- https://medium.com/sylabs
- SUSE:openSUSE-SU-2020:1497
- URL: http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.html
- SUSE:openSUSE-SU-2020:1529