QwikSec

Security Database

CVE

CWE

Training

CVE-2020-13845

Published: Jul 14, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://medium.com/sylabs

x_refsource_MISC

https://github.com/hpcng/singularity/security/advisories/GHSA-pmfr-63c2-jr5c

x_refsource_MISC

openSUSE-SU-2020:1011

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2020:1037

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2020:1100

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.