rpm package
opensuse/booth&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/booth&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-3049 | — | < 1.2+git0.322fea0-1.1 | 1.2+git0.322fea0-1.1 | Jun 6, 2024 | A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server. | ||
| CVE-2022-2553 | — | < 1.0+20220724.dce51f9-1.1 | 1.0+20220724.dce51f9-1.1 | Jul 28, 2022 | The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster. |
- CVE-2024-3049Jun 6, 2024affected < 1.2+git0.322fea0-1.1fixed 1.2+git0.322fea0-1.1
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
- CVE-2022-2553Jul 28, 2022affected < 1.0+20220724.dce51f9-1.1fixed 1.0+20220724.dce51f9-1.1
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.