CVE-2022-2553Improper Authentication in Booth

CWE-287Improper Authentication8 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
0.5%
top 33.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Clusterlabs BoothDebian LinuxFedoraproject Fedora
Timeline
PublishedJul 28
Latest updateAug 10

Description

The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages3 packages

Debianclusterlabs/booth< 1.0-237-gdd88847-2+deb11u1+3
CVEListV5clusterlabs/boothBooth versions after v1.0-85-gda79b8b are vulnerable. Resolved in booth v1.0-263-g35bf0b7.

Also affects: Debian Linux 10.0, 11.0, Fedora 35, 36

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-9ppf-2r5r-2chh: The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node2022-07-29
OSV
CVE-2022-2553: The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node2022-07-28
CVEList
CVE-2022-2553: The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node2022-07-28

📋Vendor Advisories

4
Ubuntu
Booth vulnerability2022-08-10
Microsoft
The authfile directive in the booth config file is ignored preventing use of authentication in communications from node to node. As a result nodes that do not have the correct authentication key are n2022-07-12
Red Hat
booth: authfile directive in booth config file is completely ignored.2022-07-01
Debian
CVE-2022-2553: booth - The authfile directive in the booth config file is ignored, preventing use of au...2022
CVE-2022-2553 — Improper Authentication in Booth | cvebase