Vulnerability Details CVE-2022-2553
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.8%
CVSS Severity
CVSS v3 Score 6.5
References
- https://github.com/ClusterLabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4T4TTXAABVUCMPUL7XQ2PH5EYYOOQZY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHDOFX7NQFH3UGZZA3SGW5SVMDDHIUVD/
- https://www.debian.org/security/2022/dsa-5194
- https://github.com/ClusterLabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4T4TTXAABVUCMPUL7XQ2PH5EYYOOQZY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHDOFX7NQFH3UGZZA3SGW5SVMDDHIUVD/
- https://www.debian.org/security/2022/dsa-5194
Products affected by CVE-2022-2553
-
cpe:2.3:a:clusterlabs:booth:-
-
cpe:2.3:a:clusterlabs:booth:0.1.0
-
cpe:2.3:a:clusterlabs:booth:0.1.2
-
cpe:2.3:a:clusterlabs:booth:0.1.3
-
cpe:2.3:a:clusterlabs:booth:0.1.4
-
cpe:2.3:a:clusterlabs:booth:0.1.5
-
cpe:2.3:a:clusterlabs:booth:0.1.6
-
cpe:2.3:a:clusterlabs:booth:0.1.7
-
cpe:2.3:a:clusterlabs:booth:0.2.0
-
cpe:2.3:a:clusterlabs:booth:1.0
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:fedoraproject:fedora:35
-
cpe:2.3:o:fedoraproject:fedora:36