HMAC Vulnerability in Booth Cluster Ticket Manager
CVE-2024-3049
5.9 MEDIUM
Key Information
- Vendor: Red Hat
- Status:
  - Red Hat Enterprise Linux 8
  - Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  - Red Hat Enterprise Linux 8.4 Update Services For SAP Solutions
  - Red Hat Enterprise Linux 8.6 Telecommunications Update Service
- CVE Published: 6 June 2024
Summary
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
Affected Version(s)
Red Hat Enterprise Linux 8 <= 0:1.1-1.el8_10.1
Red Hat Enterprise Linux 8.4 Telecommunications Update Service <= 0:1.0-199.1.ac1d34c.git.el8_4.2
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions <= 0:1.0-199.1.ac1d34c.git.el8_4.2
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Risk change from: 5.9 to: 7.4 - (HIGH)
Risk change from: null to: 7.4 - (HIGH)
Vulnerability published.
Vulnerability Reserved.
Reported to Red Hat.
Collectors
NVD Database, Mitre Database