CVE-2020-13845
 
- Severity Score: 7.5 (CVSS v3.1)
- Public Exploits: 0 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.
*Credits:
N/A
Timeline
- 2020-06-04 CVE Reserved
- 2020-07-14 CVE Published
- 2024-05-18 EPSS Updated
- 2024-08-04 CVE Updated
CWE
- CWE-347: Improper Verification of Cryptographic Signature
- CWE-354: Improper Validation of Integrity Check Value
References (5)
URL | Tag | Source |
---|---|---|
https://github.com/hpcng/singularity/security/advisories/GHSA-pmfr-63c2-jr5c | Third Party Advisory | |
https://medium.com/sylabs | Third Party Advisory | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sylabs | Singularity | >= 3.0.0 <= 3.5.0 | - | Affected |