Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
History

Sun, 08 Sep 2024 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat multicluster Engine
CPEs cpe:/a:redhat:acm:2.4::el8
cpe:/a:redhat:acm:2.5::el8
cpe:/a:redhat:acm:2.6::el8
cpe:/a:redhat:multicluster_engine:2.1::el8
Vendors & Products Redhat multicluster Engine

Mon, 19 Aug 2024 22:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:acm:2.4::el8
cpe:/a:redhat:acm:2.5::el8
cpe:/a:redhat:acm:2.6::el8
cpe:/a:redhat:multicluster_engine:2.1::el8
Vendors & Products Redhat multicluster Engine

cve-icon MITRE

Status: PUBLISHED

Assigner: Go

Published: 2022-08-09T20:17:31

Updated: 2024-08-03T06:56:13.230Z

Reserved: 2022-05-12T00:00:00

Link: CVE-2022-30629

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-08-10T20:15:40.560

Modified: 2024-11-21T07:03:03.717

Link: CVE-2022-30629

cve-icon Redhat

Severity : Low

Publid Date: 2022-06-02T00:00:00Z

Links: CVE-2022-30629 - Bugzilla