Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than against a cryptographically validated signature.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html | Broken Link |
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html | Broken Link |
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html | Broken Link |
https://github.com/hpcng/singularity/security/advisories/GHSA-pmfr-63c2-jr5c | Third Party Advisory |
https://medium.com/sylabs | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-07-14T17:23:08
Updated: 2020-09-18T18:06:11
Reserved: 2020-06-04T00:00:00
Link: CVE-2020-13845
NVD Information
Status: Analyzed
Published: 2020-07-14T18:15:14.383
Modified: 2023-01-20T20:09:21.213
Link: CVE-2020-13845
Red Hat Information
No data.