Vulnerability CVE-2019-11328

Vulnerability Name:

CVE-2019-11328 (CCN-161130)

Assigned:

2019-05-14

Published:

2019-05-14

Updated:

2023-02-28

Summary:

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.0 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.0 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.7 High (CCN CVSS v2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2019-11328

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Exploit, Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: XF
Type: UNKNOWN
singularity-cve201911328-priv-esc(161130)

Source: CCN
Type: singularity GIT Repository
Singularity

Source: cve@mitre.org
Type: Release Notes
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: CCN
Type: oss-sec Mailing List, Thu, 16 May 2019 12:15:58 +0200
Singularity 3.1.0: CVE-2019-11328: namespace privilege escalation and arbitrary file corruption

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:sylabs:singularity:3.2.0:rc2:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:93476	P	(Important)	2022-07-14
oval:org.opensuse.security:def:201911328	V	CVE-2019-11328	2022-06-30
oval:org.opensuse.security:def:113439	P	singularity-3.8.3-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:74382	P	Security update for libqt5-qtsvg (Moderate)	2021-10-12
oval:org.opensuse.security:def:106840	P	singularity-3.8.3-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:62774	P	libXvnc-devel-1.9.0-19.9.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:64442	P	Security update for openssl-1_1 (Important)	2020-12-09
oval:org.opensuse.security:def:63393	P	tomcat-9.0.5-1.34 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63619	P	gnome-shell-calendar-3.34.4+4-1.58 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62573	P	libpango-1_0-0-32bit-1.40.14-3.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63053	P	libmunge2-0.5.14-4.9.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62574	P	libpcre2-posix2-10.31-1.14 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63255	P	apache2-mod_wsgi-python3-4.5.18-2.27 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62597	P	ppp-2.4.7-3.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:64186	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:64288	P	krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:74508	P	Security update for singularity (Important)	2020-12-01
oval:org.opensuse.security:def:63946	P	Security update for ruby2.1 (Important)	2020-12-01
oval:org.opensuse.security:def:64330	P	libhogweed4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64080	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:110132	P	Security update for singularity (Important)	2020-07-23
oval:org.opensuse.security:def:100189	P	Security update for singularity (Moderate)	2019-10-07

BACK