CVE-2020-13847

HIGH

7.5

Beschreibung

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.

CVE Details

CVSS v3.1 Bewertung7.5

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht7/14/2020

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

sylabs:singularity

Schwachen (CWE)

CWE-354

Referenzen

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html(cve@mitre.org)

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html(cve@mitre.org)

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html(cve@mitre.org)

https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9v(cve@mitre.org)

https://medium.com/sylabs(cve@mitre.org)

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9v(af854a3a-2127-422b-91ae-364da2661108)

https://medium.com/sylabs(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.