CVE-2020-13847

HIGH

Sylabs Singularity <3.6 - Info Disclosure

Title source: llm

Description

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.

References (5)

[Third Party Advisory] https://medium.com/sylabs

[Third Party Advisory] https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9v

[Broken Link] http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html

[Broken Link] http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html

[Broken Link] http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html

Scores

CVSS v3 7.5

EPSS 0.0019

EPSS Percentile 40.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-354

Status published

Products (1)

sylabs/singularity 3.0.0 - 3.5.0

Published Jul 14, 2020

Tracked Since Feb 18, 2026