CVE-2020-13845
Summary
| CVE | CVE-2020-13845 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-07-14 18:15:00 UTC |
| Updated | 2023-01-20 20:09:00 UTC |
| Description | Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature. |
Risk And Classification
Problem Types: CWE-347 | CWE-354
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sylabs | Singularity | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [security-announce] openSUSE-SU-2020:1100-1: important: Security update | SUSE | lists.opensuse.org | |
| [security-announce] openSUSE-SU-2020:1011-1: important: Security update | SUSE | lists.opensuse.org | |
| Sylabs – Medium | MISC | medium.com | Third Party Advisory |
| [security-announce] openSUSE-SU-2020:1037-1: important: Security update | SUSE | lists.opensuse.org | |
| Execution Control List (ECL) Is Insecure · Advisory · hpcng/singularity · GitHub | MISC | github.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 506241 Alpine Linux Security Update for singularity