First published: Tue Jul 14 2020
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.
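The difference between the two checks described above, as an added example in Go. It is a simplified model written for this page, not Singularity's own code: `Descriptor`, `fingerprint`, `weakECLCheck`, `strictECLCheck` and the SHA-256-of-public-key fingerprint scheme are hypothetical, and Ed25519 stands in for the PGP signatures SIF uses.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Descriptor is a hypothetical, simplified signature object descriptor.
type Descriptor struct {
	Fingerprint string // claimed signer: plain metadata, not proof
	Signature   []byte // signature over the image bytes
}

// fingerprint uses an assumed scheme for this example: hex SHA-256 of the public key.
func fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// weakECLCheck models the flaw: it matches the descriptor's fingerprint field
// against the allow list and never looks at the image or the signature.
func weakECLCheck(d Descriptor, allowed map[string]ed25519.PublicKey) bool {
	_, ok := allowed[d.Fingerprint]
	return ok
}

// strictECLCheck accepts only if the allowed key verifies the signature over the image.
func strictECLCheck(image []byte, d Descriptor, allowed map[string]ed25519.PublicKey) bool {
	pub, ok := allowed[d.Fingerprint]
	return ok && ed25519.Verify(pub, image, d.Signature)
}

// demo runs both checks on constructed data: an intact image, then one changed after signing.
func demo() (weakOK, strictOK, weakTampered, strictTampered bool) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x01}, ed25519.SeedSize)) // constructed key
	pub := priv.Public().(ed25519.PublicKey)
	allowed := map[string]ed25519.PublicKey{fingerprint(pub): pub}
	image := []byte("constructed image payload")
	d := Descriptor{Fingerprint: fingerprint(pub), Signature: ed25519.Sign(priv, image)}
	changed := append([]byte{}, image...)
	changed[0] ^= 0xff // image altered after signing, descriptor untouched
	return weakECLCheck(d, allowed), strictECLCheck(image, d, allowed),
		weakECLCheck(d, allowed), strictECLCheck(changed, d, allowed)
}

func main() { fmt.Println(demo()) }
```

The metadata-only check returns the same verdict for the intact and the altered image, while the check that verifies the signature rejects the altered one.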
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sylabs Singularity | >=3.0.0, <=3.5.0 | |
The vulnerability ID for this vulnerability is CVE-2020-13845.
The severity of CVE-2020-13845 is high with a severity value of 7.5.
Sylabs Singularity versions 3.0 through 3.5 are affected by CVE-2020-13845.
CVE-2020-13845 allows image integrity to be bypassed when an ECL policy is enforced in Sylabs Singularity versions 3.0 through 3.5.
References for CVE-2020-13845: [Reference 1](http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html), [Reference 2](http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html), [Reference 3](http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html).