CVE-2022-2553

The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.

References

Affected packages

Git / github.com/clusterlabs/booth

Affected ranges

Type: GIT
Repo: https://github.com/clusterlabs/booth
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

35bf0b7b048d715f671eb68974fb6b4af6528c67

Affected versions

v0.*

v0.1.0

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.2.0

v1.*

v1.0

v1.0rc1

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "149510054174933947535674704961299673793",
                "length": 901.0
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/clusterlabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67",
            "id": "CVE-2022-2553-352f9de4",
            "signature_version": "v1",
            "target": {
                "file": "src/main.c",
                "function": "setup_config"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "335119658293112424394991090198767395100",
                    "65978872216503566394160499784130448295",
                    "21845935033621291117597346218735165249",
                    "134854276876856949574566516929111687573"
                ]
            },
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/clusterlabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67",
            "id": "CVE-2022-2553-878d7758",
            "signature_version": "v1",
            "target": {
                "file": "src/main.c"
            }
        }
    ]
}