Vulnerability Description
Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sylabs | Singularity | >= 3.0.0, <= 3.5.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.htmlBroken Link
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.htmlBroken Link
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.htmlBroken Link
- https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9vThird Party Advisory
- https://medium.com/sylabsThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.htmlBroken Link
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.htmlBroken Link
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.htmlBroken Link
- https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9vThird Party Advisory
- https://medium.com/sylabsThird Party Advisory
FAQ
What is CVE-2020-13847?
CVE-2020-13847 is a vulnerability with a CVSS score of 7.5 (HIGH). Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file...
How severe is CVE-2020-13847?
CVE-2020-13847 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-13847?
Check the references section above for vendor advisories and patch information. Affected products include: Sylabs Singularity.