CVE-2022-2553

The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.

References

Affected packages

Git / github.com/clusterlabs/booth

Affected ranges

Type: GIT
Repo: https://github.com/clusterlabs/booth
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

35bf0b7b048d715f671eb68974fb6b4af6528c67

Affected versions

v0.*

v0.1.0

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.2.0

v1.*

v1.0

v1.0rc1

Database specific

vanir_signatures

[
    {
        "target": {
            "file": "src/main.c",
            "function": "setup_config"
        },
        "digest": {
            "length": 901.0,
            "function_hash": "149510054174933947535674704961299673793"
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/clusterlabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67",
        "id": "CVE-2022-2553-352f9de4",
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "src/main.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "335119658293112424394991090198767395100",
                "65978872216503566394160499784130448295",
                "21845935033621291117597346218735165249",
                "134854276876856949574566516929111687573"
            ]
        },
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/clusterlabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67",
        "id": "CVE-2022-2553-878d7758",
        "signature_type": "Line"
    }
]