Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-07-14T17:23:08

Updated: 2024-08-04T12:32:13.057Z

Reserved: 2020-06-04T00:00:00

Link: CVE-2020-13845

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-07-14T18:15:14.383

Modified: 2024-11-21T05:01:59.457

Link: CVE-2020-13845

cve-icon Redhat

No data.