Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-13845

Опубликовано: 14 июл. 2020
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:sylabs:singularity:*:*:*:*:*:*:*:*
Версия от 3.0.0 (включая) до 3.5.0 (включая)

EPSS

Процентиль: 24%
0.00079
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-347

Связанные уязвимости

ubuntu логотип

CVE-2020-13845

CVSS3: 7.5
ubuntu
больше 5 лет назад

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.

debian логотип

CVE-2020-13845

CVSS3: 7.5
debian
больше 5 лет назад

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integ ...

github логотип

GHSA-pmfr-63c2-jr5c

CVSS3: 7.5
github
около 4 лет назад

Execution Control List (ECL) Is Insecure in Singularity

suse-cvrf логотип

openSUSE-SU-2020:1011-1

suse-cvrf
больше 5 лет назад

Security update for singularity

suse-cvrf логотип

openSUSE-SU-2020:1037-1

suse-cvrf
больше 5 лет назад

Security update for singularity

EPSS

Процентиль: 24%
0.00079
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-347