Описание
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.
A flaw was found in booth in the way it handles the authfile directive in configuration files, which causes authentication to be skipped between nodes. As a result, an attacker-controlled node that does not have the correct authentication key does not prevent communication with other nodes in the cluster.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | booth | Out of support scope | ||
| Red Hat Enterprise Linux 8 | booth | Fixed | RHSA-2022:6439 | 13.09.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | booth | Fixed | RHSA-2022:6250 | 30.08.2022 |
| Red Hat Enterprise Linux 9 | booth | Fixed | RHSA-2022:6580 | 20.09.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.
The authfile directive in the booth config file is ignored preventing use of authentication in communications from node to node. As a result nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.
The authfile directive in the booth config file is ignored, preventing ...
EPSS
6.5 Medium
CVSS3