CVE-2022-2553
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-2553
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-2553.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-2553
- Related
- Published
- 2022-07-28T15:15:07Z
- Modified
- 2025-01-08T14:07:49.350838Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.
- References
-
- https://www.debian.org/security/2022/dsa-5194
- https://github.com/ClusterLabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4T4TTXAABVUCMPUL7XQ2PH5EYYOOQZY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHDOFX7NQFH3UGZZA3SGW5SVMDDHIUVD/
- https://security-tracker.debian.org/tracker/CVE-2022-2553
Affected packages
Debian:11 / booth
Package
- Name
- booth
- Purl
- pkg:deb/debian/booth?arch=source
Debian:12 / booth
Package
- Name
- booth
- Purl
- pkg:deb/debian/booth?arch=source
Debian:13 / booth
Package
- Name
- booth
- Purl
- pkg:deb/debian/booth?arch=source