Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-07-14T17:23:08
Updated: 2024-08-04T12:32:13.057Z
Reserved: 2020-06-04T00:00:00
Link: CVE-2020-13845
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-07-14T18:15:14.383
Modified: 2024-11-21T05:01:59.457
Link: CVE-2020-13845
Redhat
No data.