    4 vulnerabilities found for booth by clusterlabs

    CVE-2024-3049 (GCVE-0-2024-3049)

    Vulnerability from nvd – Published: 2024-06-06 05:30 – Updated: 2026-03-17 21:04
    Title
    Booth: specially crafted hash can lead to invalid hmac being accepted by booth server
    Summary
    A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity
    Impacted products
    Vendor Product Version
    Affected: 1.0-283.1
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.1-1.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::highavailability
        cpe:/a:redhat:enterprise_linux:8::resilientstorage
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.0-199.1.ac1d34c.git.el8_4.2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.4::highavailability
        cpe:/a:redhat:rhel_tus:8.4::highavailability
        cpe:/a:redhat:rhel_aus:8.4::highavailability
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:1.0-199.1.ac1d34c.git.el8_4.2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.4::highavailability
        cpe:/a:redhat:rhel_tus:8.4::highavailability
        cpe:/a:redhat:rhel_aus:8.4::highavailability
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:1.0-199.1.ac1d34c.git.el8_4.2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.4::highavailability
        cpe:/a:redhat:rhel_tus:8.4::highavailability
        cpe:/a:redhat:rhel_aus:8.4::highavailability
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.0-199.1.ac1d34c.git.el8_6.2 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::highavailability
        cpe:/a:redhat:rhel_e4s:8.6::highavailability
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.0-199.1.ac1d34c.git.el8_6.2 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::highavailability
        cpe:/a:redhat:rhel_e4s:8.6::highavailability
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:1.0-283.1.9d4029a.git.el8_8.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::resilientstorage
        cpe:/a:redhat:rhel_eus:8.8::highavailability
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.1-1.el9_4.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::resilientstorage
        cpe:/a:redhat:enterprise_linux:9::highavailability
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.0-251.3.bfb2f92.git.el9_0.2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::resilientstorage
        cpe:/a:redhat:rhel_e4s:9.0::highavailability
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:1.0-283.1.9d4029a.git.el9_2.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::resilientstorage
        cpe:/a:redhat:rhel_eus:9.2::highavailability
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Date Public
    2024-05-27 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3049",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-13T20:24:04.305850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-13T20:24:16.483Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-09-24T18:03:12.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:3657",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3657"
              },
              {
                "name": "RHSA-2024:3658",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3658"
              },
              {
                "name": "RHSA-2024:3659",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3659"
              },
              {
                "name": "RHSA-2024:3660",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3660"
              },
              {
                "name": "RHSA-2024:3661",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3661"
              },
              {
                "name": "RHSA-2024:4400",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4400"
              },
              {
                "name": "RHSA-2024:4411",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4411"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-3049"
              },
              {
                "name": "RHBZ#2272082",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272082"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERCFM3HXFJKLEMMWU3CZLPKH5LZAEDAN/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPK5BHYOB7CFFRQAN55YV5LH44PWHMQD/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00037.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/ClusterLabs/booth",
              "defaultStatus": "unaffected",
              "packageName": "booth",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0-283.1"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::highavailability",
                "cpe:/a:redhat:enterprise_linux:8::resilientstorage"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1-1.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.4::highavailability",
                "cpe:/a:redhat:rhel_tus:8.4::highavailability",
                "cpe:/a:redhat:rhel_aus:8.4::highavailability"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0-199.1.ac1d34c.git.el8_4.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.4::highavailability",
                "cpe:/a:redhat:rhel_tus:8.4::highavailability",
                "cpe:/a:redhat:rhel_aus:8.4::highavailability"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0-199.1.ac1d34c.git.el8_4.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.4::highavailability",
                "cpe:/a:redhat:rhel_tus:8.4::highavailability",
                "cpe:/a:redhat:rhel_aus:8.4::highavailability"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0-199.1.ac1d34c.git.el8_4.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::highavailability",
                "cpe:/a:redhat:rhel_e4s:8.6::highavailability"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0-199.1.ac1d34c.git.el8_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::highavailability",
                "cpe:/a:redhat:rhel_e4s:8.6::highavailability"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0-199.1.ac1d34c.git.el8_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::resilientstorage",
                "cpe:/a:redhat:rhel_eus:8.8::highavailability"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0-283.1.9d4029a.git.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::resilientstorage",
                "cpe:/a:redhat:enterprise_linux:9::highavailability"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1-1.el9_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::resilientstorage",
                "cpe:/a:redhat:rhel_e4s:9.0::highavailability"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0-251.3.bfb2f92.git.el9_0.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::resilientstorage",
                "cpe:/a:redhat:rhel_eus:9.2::highavailability"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0-283.1.9d4029a.git.el9_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unknown",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-05-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-17T21:04:05.024Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:3657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3657"
            },
            {
              "name": "RHSA-2024:3658",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3658"
            },
            {
              "name": "RHSA-2024:3659",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3659"
            },
            {
              "name": "RHSA-2024:3660",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3660"
            },
            {
              "name": "RHSA-2024:3661",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3661"
            },
            {
              "name": "RHSA-2024:4400",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4400"
            },
            {
              "name": "RHSA-2024:4411",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4411"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-3049"
            },
            {
              "name": "RHBZ#2272082",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272082"
            },
            {
              "url": "https://github.com/ClusterLabs/booth/pull/142"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-28T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-05-27T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Booth: specially crafted hash can lead to invalid hmac being accepted by booth server",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-345: Insufficient Verification of Data Authenticity"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-3049",
        "datePublished": "2024-06-06T05:30:04.137Z",
        "dateReserved": "2024-03-28T17:17:50.507Z",
        "dateUpdated": "2026-03-17T21:04:05.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-2553 (GCVE-0-2022-2553)

    Vulnerability from nvd – Published: 2022-07-28 00:00 – Updated: 2024-08-03 00:39
    Summary
    The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.
    Severity
    No CVSS data available.
    Impacted products
    Vendor Product Version
    n/a Booth Affected: Booth versions after v1.0-85-gda79b8b are vulnerable. Resolved in booth v1.0-263-g35bf0b7.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:39:08.049Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ClusterLabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67"
              },
              {
                "name": "DSA-5194",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5194"
              },
              {
                "name": "FEDORA-2022-e0a87993b8",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4T4TTXAABVUCMPUL7XQ2PH5EYYOOQZY/"
              },
              {
                "name": "FEDORA-2022-6744980220",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHDOFX7NQFH3UGZZA3SGW5SVMDDHIUVD/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Booth",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Booth versions after v1.0-85-gda79b8b are vulnerable. Resolved in booth v1.0-263-g35bf0b7."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-11T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://github.com/ClusterLabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67"
            },
            {
              "name": "DSA-5194",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5194"
            },
            {
              "name": "FEDORA-2022-e0a87993b8",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4T4TTXAABVUCMPUL7XQ2PH5EYYOOQZY/"
            },
            {
              "name": "FEDORA-2022-6744980220",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHDOFX7NQFH3UGZZA3SGW5SVMDDHIUVD/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-2553",
        "datePublished": "2022-07-28T00:00:00.000Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:39:08.049Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3049 (GCVE-0-2024-3049)

    Vulnerability from cvelistv5 – Published: 2024-06-06 05:30 – Updated: 2026-03-17 21:04
    Title
    Booth: specially crafted hash can lead to invalid hmac being accepted by booth server
    Summary
    A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-345 - Insufficient Verification of Data Authenticity
    Impacted products
    Vendor Product Version
    Affected: 1.0-283.1
    Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.1-1.el8_10.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:8::highavailability
        cpe:/a:redhat:enterprise_linux:8::resilientstorage
    Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:1.0-199.1.ac1d34c.git.el8_4.2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.4::highavailability
        cpe:/a:redhat:rhel_tus:8.4::highavailability
        cpe:/a:redhat:rhel_aus:8.4::highavailability
    Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:1.0-199.1.ac1d34c.git.el8_4.2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.4::highavailability
        cpe:/a:redhat:rhel_tus:8.4::highavailability
        cpe:/a:redhat:rhel_aus:8.4::highavailability
    Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:1.0-199.1.ac1d34c.git.el8_4.2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:8.4::highavailability
        cpe:/a:redhat:rhel_tus:8.4::highavailability
        cpe:/a:redhat:rhel_aus:8.4::highavailability
    Red Hat Red Hat Enterprise Linux 8.6 Telecommunications Update Service Unaffected: 0:1.0-199.1.ac1d34c.git.el8_6.2 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::highavailability
        cpe:/a:redhat:rhel_e4s:8.6::highavailability
    Red Hat Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Unaffected: 0:1.0-199.1.ac1d34c.git.el8_6.2 , < * (rpm)
        cpe:/a:redhat:rhel_tus:8.6::highavailability
        cpe:/a:redhat:rhel_e4s:8.6::highavailability
    Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:1.0-283.1.9d4029a.git.el8_8.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:8.8::resilientstorage
        cpe:/a:redhat:rhel_eus:8.8::highavailability
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.1-1.el9_4.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::resilientstorage
        cpe:/a:redhat:enterprise_linux:9::highavailability
    Red Hat Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Unaffected: 0:1.0-251.3.bfb2f92.git.el9_0.2 , < * (rpm)
        cpe:/a:redhat:rhel_e4s:9.0::resilientstorage
        cpe:/a:redhat:rhel_e4s:9.0::highavailability
    Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:1.0-283.1.9d4029a.git.el9_2.1 , < * (rpm)
        cpe:/a:redhat:rhel_eus:9.2::resilientstorage
        cpe:/a:redhat:rhel_eus:9.2::highavailability
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Date Public
    2024-05-27 00:00

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3049",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-13T20:24:04.305850Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-13T20:24:16.483Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-09-24T18:03:12.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:3657",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3657"
              },
              {
                "name": "RHSA-2024:3658",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3658"
              },
              {
                "name": "RHSA-2024:3659",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3659"
              },
              {
                "name": "RHSA-2024:3660",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3660"
              },
              {
                "name": "RHSA-2024:3661",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:3661"
              },
              {
                "name": "RHSA-2024:4400",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4400"
              },
              {
                "name": "RHSA-2024:4411",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:4411"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2024-3049"
              },
              {
                "name": "RHBZ#2272082",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272082"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERCFM3HXFJKLEMMWU3CZLPKH5LZAEDAN/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KPK5BHYOB7CFFRQAN55YV5LH44PWHMQD/"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00037.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/ClusterLabs/booth",
              "defaultStatus": "unaffected",
              "packageName": "booth",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0-283.1"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:8::highavailability",
                "cpe:/a:redhat:enterprise_linux:8::resilientstorage"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1-1.el8_10.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.4::highavailability",
                "cpe:/a:redhat:rhel_tus:8.4::highavailability",
                "cpe:/a:redhat:rhel_aus:8.4::highavailability"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0-199.1.ac1d34c.git.el8_4.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.4::highavailability",
                "cpe:/a:redhat:rhel_tus:8.4::highavailability",
                "cpe:/a:redhat:rhel_aus:8.4::highavailability"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0-199.1.ac1d34c.git.el8_4.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:8.4::highavailability",
                "cpe:/a:redhat:rhel_tus:8.4::highavailability",
                "cpe:/a:redhat:rhel_aus:8.4::highavailability"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0-199.1.ac1d34c.git.el8_4.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::highavailability",
                "cpe:/a:redhat:rhel_e4s:8.6::highavailability"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0-199.1.ac1d34c.git.el8_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_tus:8.6::highavailability",
                "cpe:/a:redhat:rhel_e4s:8.6::highavailability"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0-199.1.ac1d34c.git.el8_6.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:8.8::resilientstorage",
                "cpe:/a:redhat:rhel_eus:8.8::highavailability"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0-283.1.9d4029a.git.el8_8.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::resilientstorage",
                "cpe:/a:redhat:enterprise_linux:9::highavailability"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.1-1.el9_4.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_e4s:9.0::resilientstorage",
                "cpe:/a:redhat:rhel_e4s:9.0::highavailability"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0-251.3.bfb2f92.git.el9_0.2",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:rhel_eus:9.2::resilientstorage",
                "cpe:/a:redhat:rhel_eus:9.2::highavailability"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:1.0-283.1.9d4029a.git.el9_2.1",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:10"
              ],
              "defaultStatus": "unknown",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 10",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "affected",
              "packageName": "booth",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-05-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Important"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "Insufficient Verification of Data Authenticity",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-17T21:04:05.024Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:3657",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3657"
            },
            {
              "name": "RHSA-2024:3658",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3658"
            },
            {
              "name": "RHSA-2024:3659",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3659"
            },
            {
              "name": "RHSA-2024:3660",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3660"
            },
            {
              "name": "RHSA-2024:3661",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:3661"
            },
            {
              "name": "RHSA-2024:4400",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4400"
            },
            {
              "name": "RHSA-2024:4411",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:4411"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2024-3049"
            },
            {
              "name": "RHBZ#2272082",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272082"
            },
            {
              "url": "https://github.com/ClusterLabs/booth/pull/142"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-28T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-05-27T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Booth: specially crafted hash can lead to invalid hmac being accepted by booth server",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-345: Insufficient Verification of Data Authenticity"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2024-3049",
        "datePublished": "2024-06-06T05:30:04.137Z",
        "dateReserved": "2024-03-28T17:17:50.507Z",
        "dateUpdated": "2026-03-17T21:04:05.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-2553 (GCVE-0-2022-2553)

    Vulnerability from cvelistv5 – Published: 2022-07-28 00:00 – Updated: 2024-08-03 00:39
    Summary
    The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.
    Severity
    No CVSS data available.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    n/a Booth Affected: Booth versions after v1.0-85-gda79b8b are vulnerable. Resolved in booth v1.0-263-g35bf0b7.

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:39:08.049Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ClusterLabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67"
              },
              {
                "name": "DSA-5194",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5194"
              },
              {
                "name": "FEDORA-2022-e0a87993b8",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4T4TTXAABVUCMPUL7XQ2PH5EYYOOQZY/"
              },
              {
                "name": "FEDORA-2022-6744980220",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHDOFX7NQFH3UGZZA3SGW5SVMDDHIUVD/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Booth",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Booth versions after v1.0-85-gda79b8b are vulnerable. Resolved in booth v1.0-263-g35bf0b7."
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-11T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://github.com/ClusterLabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67"
            },
            {
              "name": "DSA-5194",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5194"
            },
            {
              "name": "FEDORA-2022-e0a87993b8",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4T4TTXAABVUCMPUL7XQ2PH5EYYOOQZY/"
            },
            {
              "name": "FEDORA-2022-6744980220",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHDOFX7NQFH3UGZZA3SGW5SVMDDHIUVD/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2022-2553",
        "datePublished": "2022-07-28T00:00:00.000Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:39:08.049Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }