CVE-2024-3049

MEDIUM

Booth < 1.1 - Insufficient Verification of Data Authenticity

Title source: llm

Description

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

References (13)

Core 13

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2024/09/msg00037.html

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/ERCFM3HXFJKLEMMWU3CZLPKH5LZAEDAN/

Issue Tracking

https://github.com/ClusterLabs/booth/pull/142

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/KPK5BHYOB7CFFRQAN55YV5LH44PWHMQD/

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:3657

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:3658

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:3659

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:3660

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:3661

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:4400

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:4411

Third Party Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2024-3049

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2272082

Scores

CVSS v3 5.9

EPSS 0.0053

EPSS Percentile 40.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-345

Status published

Products (33)

clusterlabs/booth < 1.1

Red Hat/Red Hat Enterprise Linux 10

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8 0:1.1-1.el8_10.1

Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 0:1.0-199.1.ac1d34c.git.el8_4.2

Red Hat/Red Hat Enterprise Linux 8.4 Telecommunications Update Service 0:1.0-199.1.ac1d34c.git.el8_4.2

Red Hat/Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions 0:1.0-199.1.ac1d34c.git.el8_4.2

Red Hat/Red Hat Enterprise Linux 8.6 Telecommunications Update Service 0:1.0-199.1.ac1d34c.git.el8_6.2

Red Hat/Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions 0:1.0-199.1.ac1d34c.git.el8_6.2

Red Hat/Red Hat Enterprise Linux 8.8 Extended Update Support 0:1.0-283.1.9d4029a.git.el8_8.1

... and 23 more

Published Jun 06, 2024

Tracked Since Feb 18, 2026