Description
Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.
References (5)
Core 5
Core References
Third Party Advisory x_refsource_misc
https://medium.com/sylabs
Third Party Advisory x_refsource_misc
https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9v
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html
Broken Link vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html
Scores
CVSS v3
7.5
EPSS
0.0063
EPSS Percentile
45.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-354
Status
published
Products (1)
sylabs/singularity
3.0.0 - 3.5.0
Published
Jul 14, 2020
Tracked Since
Feb 18, 2026