Clusterlabs Booth vulnerabilities
2 known vulnerabilities affecting clusterlabs/booth.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-3049MEDIUMCVSS 5.9fixed in 1.12024-06-06
CVE-2024-3049 [MEDIUM] CWE-345 CVE-2024-3049: A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_m
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
nvdosv
CVE-2022-2553MEDIUMCVSS 6.5≤ 1.0vBooth versions after v1.0-85-gda79b8b are vulnerable. Resolved in booth v1.0-263-g35bf0b7.2022-07-28
CVE-2022-2553 [MEDIUM] CWE-287 CVE-2022-2553: The authfile directive in the booth config file is ignored, preventing use of authentication in comm
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.
cvelistv5nvdosv