Vulnerabilities > CVE-2022-2553
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 11 | |
| OS | 2 | |
| OS | 2 |
References
- https://github.com/ClusterLabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67
- https://github.com/ClusterLabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4T4TTXAABVUCMPUL7XQ2PH5EYYOOQZY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4T4TTXAABVUCMPUL7XQ2PH5EYYOOQZY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHDOFX7NQFH3UGZZA3SGW5SVMDDHIUVD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHDOFX7NQFH3UGZZA3SGW5SVMDDHIUVD/
- https://www.debian.org/security/2022/dsa-5194
- https://www.debian.org/security/2022/dsa-5194