6.5
CVE-2022-2553
- EPSS 0.92%
- Veröffentlicht 28.07.2022 15:15:07
- Zuletzt bearbeitet 21.11.2024 07:01:14
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Clusterlabs ≫ Booth Version <= 1.0
Debian ≫ Debian Linux Version10.0
Debian ≫ Debian Linux Version11.0
Fedoraproject ≫ Fedora Version35
Fedoraproject ≫ Fedora Version36
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.92% | 0.56 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
https://github.com/ClusterLabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4T4TTXAABVUCMPUL7XQ2PH5EYYOOQZY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHDOFX7NQFH3UGZZA3SGW5SVMDDHIUVD/
https://www.debian.org/security/2022/dsa-5194