Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.
Advisories
Source ID Title
EUVD EUVD EUVD-2021-2562 Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.
Github GHSA Github GHSA GHSA-pmfr-63c2-jr5c Execution Control List (ECL) Is Insecure in Singularity
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T12:32:13.057Z

Reserved: 2020-06-04T00:00:00

Link: CVE-2020-13845

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-07-14T18:15:14.383

Modified: 2024-11-21T05:01:59.457

Link: CVE-2020-13845

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.