CVE-2020-13845
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-13845
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13845.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-13845
- Aliases
- Related
- Published
- 2020-07-14T18:15:14Z
- Modified
- 2025-01-14T08:21:46.516858Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.
- References
-
- https://github.com/hpcng/singularity/security/advisories/GHSA-pmfr-63c2-jr5c
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html
- https://medium.com/sylabs
Affected packages
Git / github.com/sylabs/singularity
Affected versions
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.2-rc1
v3.0.2-rc2
v3.0.3
v3.0.3-rc1
v3.0.3-rc2
v3.1.0
v3.1.0-rc1
v3.1.0-rc2
v3.1.0-rc3
v3.1.0-rc4
v3.1.1
v3.1.1-rc1
v3.2.0
v3.2.0-rc1
v3.2.0-rc2
v3.2.1
v3.2.1-rc1
v3.3.0
v3.3.0-rc.1
v3.3.0-rc.2
v3.3.0-rc.3
v3.3.0-rc.4
v3.4.0
v3.4.0-rc.1
v3.4.0-rc.2
v3.4.1
v3.4.1-rc.1
v3.4.2
v3.4.2-rc.1
v3.5.0
v3.5.0-rc.1
v3.5.0-rc.2