Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/36563?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36563?format=api", "vulnerability_id": "VCID-96qz-zbn5-n3ar", "summary": "Incorrect Permission Assignment for Critical Resource in Singularity\nAn issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.", "aliases": [ { "alias": "CVE-2019-11328" }, { "alias": "GHSA-557g-r22w-9wvx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/939439?format=api", "purl": "pkg:deb/debian/singularity-container@0?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/singularity-container@0%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/939435?format=api", "purl": "pkg:deb/debian/singularity-container@4.1.5%2Bds4-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/singularity-container@4.1.5%252Bds4-1%3Fdistro=sid" } ], "affected_packages": [], "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00028.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11328", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.69674", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.69739", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.69695", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.6972", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.69715", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.69707", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.69665", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.69655", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00824", "scoring_system": "epss", "scoring_elements": "0.74404", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00824", "scoring_system": "epss", "scoring_elements": "0.74402", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00824", "scoring_system": "epss", "scoring_elements": "0.74429", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00824", "scoring_system": "epss", "scoring_elements": "0.74437", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00824", "scoring_system": "epss", "scoring_elements": "0.74454", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00824", "scoring_system": "epss", "scoring_elements": "0.74476", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00824", "scoring_system": "epss", "scoring_elements": "0.74457", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00824", "scoring_system": "epss", "scoring_elements": "0.74447", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00824", "scoring_system": "epss", "scoring_elements": "0.74398", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11328" }, { "reference_url": "https://github.com/sylabs/singularity/commit/618c9d56802399adb329c23ea2b70598eaff4a31", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sylabs/singularity/commit/618c9d56802399adb329c23ea2b70598eaff4a31" }, { "reference_url": "https://github.com/sylabs/singularity/releases/tag/v3.2.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sylabs/singularity/releases/tag/v3.2.0" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5O3TPL5OOTIZEI4H6IQBCCISBARJ6WL3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5O3TPL5OOTIZEI4H6IQBCCISBARJ6WL3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LIHV7DSEVTB5SUPEZ2UXGS3Q6WMEQSO2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LIHV7DSEVTB5SUPEZ2UXGS3Q6WMEQSO2" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNU5BUHFOTYUZVHFUSX2VG4S3RCPUEMA", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNU5BUHFOTYUZVHFUSX2VG4S3RCPUEMA" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11328", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11328" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/05/16/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/05/16/1" }, { "reference_url": "http://www.securityfocus.com/bid/108360", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/108360" } ], "weaknesses": [ { "cwe_id": 269, "name": "Improper Privilege Management", "description": "The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor." }, { "cwe_id": 732, "name": "Incorrect Permission Assignment for Critical Resource", "description": "The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-96qz-zbn5-n3ar" }