Vulnerability Details CVE-2020-13847
Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html
- https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9v
- https://medium.com/sylabs
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html
- https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9v
- https://medium.com/sylabs
Products affected by CVE-2020-13847
-
cpe:2.3:a:sylabs:singularity:3.0.0
-
cpe:2.3:a:sylabs:singularity:3.0.1
-
cpe:2.3:a:sylabs:singularity:3.0.2
-
cpe:2.3:a:sylabs:singularity:3.0.3
-
cpe:2.3:a:sylabs:singularity:3.1.0
-
cpe:2.3:a:sylabs:singularity:3.1.1
-
cpe:2.3:a:sylabs:singularity:3.2.0
-
cpe:2.3:a:sylabs:singularity:3.2.1
-
cpe:2.3:a:sylabs:singularity:3.3.0
-
cpe:2.3:a:sylabs:singularity:3.4.0
-
cpe:2.3:a:sylabs:singularity:3.4.1
-
cpe:2.3:a:sylabs:singularity:3.4.2
-
cpe:2.3:a:sylabs:singularity:3.5.0