CVE-2018-12021: Exposure of Sensitive Information to an Unauthorized Actor

May 14, 2022 (updated July 22, 2023)

Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.

References

www.openwall.com/lists/oss-security/2019/05/16/1
github.com/advisories/GHSA-4x32-h296-rg6j
github.com/singularityware/singularity/releases/tag/2.5.2
nvd.nist.gov/vuln/detail/CVE-2018-12021

Code Behaviors & Features

Detect and mitigate CVE-2018-12021 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →