CVE-2020-13847Improper Validation of Integrity Check Value in Singularity

CWE-354Improper Validation of Integrity Check Value4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 59.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sylabs Singularity
Timeline
PublishedJul 14

Description

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDsylabs/singularity3.0.03.5.0

🔴Vulnerability Details

2
CVEList
CVE-2020-13847: Sylabs Singularity 32020-07-14
OSV
CVE-2020-13847: Sylabs Singularity 32020-07-14

📋Vendor Advisories

1
Debian
CVE-2020-13847: singularity-container - Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singula...2020
CVE-2020-13847 — Sylabs Singularity vulnerability | cvebase