CVE-2022-2553

The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.

Published: Jul 28, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-2553
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
clusterlabs / booth	-	1.0.x
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x
fedoraproject / fedora	35	35.x
fedoraproject / fedora	36	36.x

https://github.com/ClusterLabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67
https://lists.fedoraproject.org/archives/list/[email protected]/message/J4T4TTXAABVUCMPUL7XQ2PH5EYYOOQZY/
https://lists.fedoraproject.org/archives/list/[email protected]/message/OHDOFX7NQFH3UGZZA3SGW5SVMDDHIUVD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4T4TTXAABVUCMPUL7XQ2PH5EYYOOQZY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHDOFX7NQFH3UGZZA3SGW5SVMDDHIUVD/
https://www.debian.org/security/2022/dsa-5194

Vulnerability Database

289,599

CVE-2022-2553