
CVSS: 7.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw in the kernel (CVE-2022-1184, referenced below) that is exploitable through Apptainer versions < 1.1.0, and through installations that include apptainer-suid < 1.1.8, on older operating systems where that kernel CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation. Apptainer 1.1.8 includes a patch that by default disables mounting of extfs filesystem types in setuid-root mode, while continuing to allow mounting of extfs filesystems in non-setuid "rootless" mode using fuse2fs. Some workarounds are possible: either do not install apptainer-suid (for versions 1.1.0 through 1.1.7), or set `allow setuid = no` in apptainer.conf.

References:
https://access.redhat.com/security/cve/cve-2022-1184
https://github.com/apptainer/apptainer/commit/5a4964f5ba9c8d89a0e353b97f51fd607670a9f7
https://github.com/apptainer/apptainer/releases/tag/v1.1.8
https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f4cg
https://github.com/torvalds/linux/commit/2220eaf90992c11d888fe771055d4de3303
https://github.com/torvalds/linux/commit/4f04351888a83e595571de672e0a4a8b74f
https://lwn.net/Articles/932136
https://lwn.net/Articles/932137
https://security-tracker.debi

CWE-416: Use After Free

CVSS: 7.6 | EPSS: 0% | CPEs: 4 | EXPL: 0

github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service. When the scs-library-client is used to pull a container image with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectly leaked to an S3 backing storage provider. This occurs in a specific flow, where the library service redirects the client to a backing S3 storage server to perform a multi-part concurrent download. Depending on site configuration, the S3 service may be provided by a third party. An attacker with access to the S3 service may be able to extract user credentials, allowing them to impersonate the user.

References:
https://github.com/sylabs/scs-library-client/commit/68ac4cab5cda0afd8758ff5b5e2e57be6a22fcfa
https://github.com/sylabs/scs-library-client/commit/b5db2aacba6bf1231f42dd475cc32e6355ab47b2
https://github.com/sylabs/scs-library-client/commit/eebd7caaab310b1fa803e55b8fc1acd9dcd2d00c
https://github.com/sylabs/scs-library-client/security/advisories/GHSA-7p8m-22h4-9pj7

CWE-522: Insufficiently Protected Credentials

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

sylabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1, the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.

References:
https://github.com/sylabs/sif/commit/07fb86029a12e3210f6131e065570124605daeaa
https://github.com/sylabs/sif/security/advisories/GHSA-m5m3-46gj-wch8
https://security.gentoo.org/glsa/202210-19

CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-347: Improper Verification of Cryptographic Signature

CVSS: 9.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce.

References:
https://medium.com/sylabs
https://support.sylabs.io/a/solutions/articles/42000086439

CWE-331: Insufficient Entropy

CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, have an Incorrect Check of a Function's Return Value.

References:
https://medium.com/sylabs
https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622-

CWE-754: Improper Check for Unusual or Exceptional Conditions