CVE-2020-13845 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-13845 Interim 1 19 2025-02-17T01:27:29Z current 2021-05-30T14:40:43Z 2025-02-17T01:27:29Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-13845 Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3SAQ7VHOBJRH3RBUUMSP4FWX6EERZQLH/ E-Mail link for openSUSE-SU-2020:1011-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EIHKRY3G2SS6X2ZY44CW67IIGHCJUYMO/ E-Mail link for openSUSE-SU-2020:1037-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MUCKOMJKYSUD3KFNFD7KCBEF323WWHLF/ E-Mail link for openSUSE-SU-2020:1100-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP2 openSUSE Leap 15.1 openSUSE Leap 15.2 openSUSE Tumbleweed singularity-3.6.0-bp152.2.4.1 singularity-3.6.0-lp151.2.6.1 singularity-3.6.0-lp152.2.3.1 singularity-3.8.3-1.2 singularity-3.6.0-bp152.2.4.1 as a component of SUSE Package Hub 15 SP2 singularity-3.6.0-lp151.2.6.1 as a component of openSUSE Leap 15.1 singularity-3.6.0-lp152.2.3.1 as a component of openSUSE Leap 15.2 singularity-3.8.3-1.2 as a component of openSUSE Tumbleweed Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature. CVE-2020-13845 SUSE Package Hub 15 SP2:singularity-3.6.0-bp152.2.4.1 openSUSE Leap 15.1:singularity-3.6.0-lp151.2.6.1 openSUSE Leap 15.2:singularity-3.6.0-lp152.2.3.1 openSUSE Tumbleweed:singularity-3.8.3-1.2 important 5 AV:N/AC:L/Au:N/C:N/I:P/A:N 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N