CVE-2020-13847

EPSS 0.19%
Published 14.07.2020 18:15:14
Last modified 21.11.2024 05:01:59
Source cve@mitre.org
Teams watchlist Login
Open Login

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Sylabs ≫ Singularity Version >= 3.0.0 <= 3.5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.376

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-354 Improper Validation of Integrity Check Value

The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html

Broken Link

https://medium.com/sylabs

Third Party Advisory

https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9v

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-13847

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-13847

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-13847

EUVD