High severityNVD Advisory· Published Jul 14, 2020· Updated Aug 4, 2024
CVE-2020-13845
CVE-2020-13845
Description
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/sylabs/singularityGo | >= 3.0.0, < 3.6.0 | 3.6.0 |
Affected products
6- Sylabs/Singularitydescription
- ghsa-coords5 versionspkg:golang/github.com/sylabs/singularitypkg:rpm/opensuse/singularity&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/singularity&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/singularity&distro=openSUSE%20Tumbleweedpkg:rpm/suse/singularity&distro=SUSE%20Package%20Hub%2015%20SP2
>= 3.0.0, < 3.6.0+ 4 more
- (no CPE)range: >= 3.0.0, < 3.6.0
- (no CPE)range: < 3.6.0-lp151.2.6.1
- (no CPE)range: < 3.6.0-lp152.2.3.1
- (no CPE)range: < 3.8.3-1.2
- (no CPE)range: < 3.6.0-bp152.2.4.1
Patches
Vulnerability mechanics
References
7- lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.htmlghsavendor-advisoryx_refsource_SUSEWEB
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.htmlghsavendor-advisoryx_refsource_SUSEWEB
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.htmlghsavendor-advisoryx_refsource_SUSEWEB
- github.com/advisories/GHSA-pmfr-63c2-jr5cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-13845ghsaADVISORY
- github.com/hpcng/singularity/security/advisories/GHSA-pmfr-63c2-jr5cghsax_refsource_MISCWEB
- medium.com/sylabsghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.