{"id":"GHSA-4x32-h296-rg6j","summary":"Singularity Incorrect Access Control ","details":"Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.","aliases":["CVE-2018-12021"],"modified":"2023-11-08T03:59:48.552215Z","published":"2022-05-14T01:01:38Z","database_specific":{"github_reviewed":true,"cwe_ids":["CWE-200"],"nvd_published_at":"2018-07-05T18:29:00Z","severity":"MODERATE","github_reviewed_at":"2023-07-22T00:00:49Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12021"},{"type":"PACKAGE","url":"https://github.com/singularityware/singularity"},{"type":"WEB","url":"https://github.com/singularityware/singularity/releases/tag/2.5.2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2019/05/16/1"}],"affected":[{"package":{"name":"github.com/hpcng/singularity","ecosystem":"Go","purl":"pkg:golang/github.com/hpcng/singularity"},"ranges":[{"type":"SEMVER","events":[{"introduced":"2.3.0"},{"fixed":"2.5.2"}]}],"database_specific":{"last_known_affected_version_range":"\u003c= 2.5.1","source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4x32-h296-rg6j/GHSA-4x32-h296-rg6j.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}