CVE-2024-3049 identifies a vulnerability in Booth, a cluster ticket manager, where insufficient verification of data authenticity occurs. The root cause is linked to the function gcry_md_get_algo_dlen(), which is responsible for obtaining the digest length of a cryptographic hash algorithm. When a specially-crafted hash input is passed to this function, the Booth server may erroneously accept an invalid HMAC (Hash-based Message Authentication Code). HMACs are critical for ensuring message integrity and authenticity; accepting an invalid HMAC undermines these guarantees, allowing an attacker to forge or tamper with data that the server treats as legitimate. The vulnerability affects Booth version 1.0-283.1 and was published on June 6, 2024. The CVSS v3.1 base score is 5.9, indicating medium severity, with the vector AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N. This means the attack can be performed remotely over the network but requires high attack complexity, no privileges, and no user interaction. The scope is unchanged, and the impact is limited to integrity, with no confidentiality or availability impact. No known exploits have been reported in the wild, but the flaw poses a risk to systems relying on Booth for secure cluster ticket management, potentially allowing attackers to bypass integrity checks and manipulate authentication tokens or tickets.

The primary impact of CVE-2024-3049 is the compromise of data integrity within systems using Booth for cluster ticket management. Attackers exploiting this vulnerability can cause the server to accept forged or tampered HMACs, potentially allowing unauthorized access or manipulation of cluster tickets. This can lead to unauthorized actions within the cluster environment, such as privilege escalation, unauthorized resource allocation, or disruption of cluster operations. While confidentiality and availability are not directly affected, the integrity breach can undermine trust in the system's authentication mechanisms, leading to broader security risks. Organizations relying on Booth in critical infrastructure, cloud environments, or distributed systems may face operational disruptions or security breaches if this vulnerability is exploited. The medium CVSS score reflects the moderate risk, given the high attack complexity and lack of authentication requirements, but the potential for significant integrity violations in sensitive environments.

To mitigate CVE-2024-3049, organizations should first apply any available patches or updates from the Booth maintainers or associated vendors as soon as they are released. In the absence of immediate patches, administrators should implement strict input validation to ensure that only valid hash inputs are processed by gcry_md_get_algo_dlen() and related functions. Monitoring and logging HMAC verification failures can help detect attempted exploitation. Network segmentation and access controls should be enforced to limit exposure of the Booth server to untrusted networks. Additionally, reviewing and hardening the cryptographic libraries and their usage within Booth can reduce the risk of malformed inputs causing verification bypass. Organizations should also conduct security audits and penetration testing focused on HMAC validation processes in their cluster management systems. Finally, maintaining an incident response plan that includes scenarios involving integrity compromise in cluster ticketing systems will improve preparedness.