CVE-2022-2553

Summary

The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.

Affected Software

VendorProductVersion RangeStatus
n/aBoothBooth versions after v1.0-85-gda79b8b are vulnerable. Resolved in booth v1.0-263-g35bf0b7.affected

Weaknesses

  • CWE-287: CWE-287

ADP Enrichment

CVE Program Container

Additional References

References