CVE-2020-13847

Опубликовано: 14 июл. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html
Broken Link
https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9v
Third Party Advisory
https://medium.com/sylabs
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html
Broken Link
https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9v
Third Party Advisory
https://medium.com/sylabs
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sylabs:singularity:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.5.0 (включая)

EPSS

Процентиль: 41%

0.00189

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-354

Связанные уязвимости

CVE-2020-13847

CVSS3: 7.5

ubuntu

больше 5 лет назад

CVE-2020-13847

CVSS3: 7.5

debian

больше 5 лет назад

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Chec ...

openSUSE-SU-2020:1011-1

suse-cvrf

больше 5 лет назад

Security update for singularity

openSUSE-SU-2020:1037-1

suse-cvrf

больше 5 лет назад

Security update for singularity

EPSS

Процентиль: 41%

0.00189

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-354