Vulnerability details: VCID-m6nh-ysj9-aaar
Vulnerability ID VCID-m6nh-ysj9-aaar
Aliases CVE-2022-30629
Summary Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2022:5775
rhas Important https://access.redhat.com/errata/RHSA-2022:5799
rhas Important https://access.redhat.com/errata/RHSA-2022:5866
rhas Important https://access.redhat.com/errata/RHSA-2022:6040
rhas Important https://access.redhat.com/errata/RHSA-2022:6042
rhas Low https://access.redhat.com/errata/RHSA-2022:6102
rhas Moderate https://access.redhat.com/errata/RHSA-2022:6103
cvssv3 3.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30629.json
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2022-30629
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2022-30629
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2022-30629
epss 0.00048 https://api.first.org/data/v1/epss?cve=CVE-2022-30629
epss 0.00127 https://api.first.org/data/v1/epss?cve=CVE-2022-30629
epss 0.00140 https://api.first.org/data/v1/epss?cve=CVE-2022-30629
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=2092793
cvssv3.1 3.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 3.1 https://nvd.nist.gov/vuln/detail/CVE-2022-30629
cvssv3.1 3.1 https://nvd.nist.gov/vuln/detail/CVE-2022-30629
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30629.json
https://api.first.org/data/v1/epss?cve=CVE-2022-30629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://go.dev/cl/405994
https://go.dev/issue/52814
https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5
https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/
https://pkg.go.dev/vuln/GO-2022-0531
https://security.netapp.com/advisory/ntap-20220915-0004/
2092793 https://bugzilla.redhat.com/show_bug.cgi?id=2092793
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
CVE-2022-30629 https://nvd.nist.gov/vuln/detail/CVE-2022-30629
RHSA-2022:5775 https://access.redhat.com/errata/RHSA-2022:5775
RHSA-2022:5799 https://access.redhat.com/errata/RHSA-2022:5799
RHSA-2022:5866 https://access.redhat.com/errata/RHSA-2022:5866
RHSA-2022:6040 https://access.redhat.com/errata/RHSA-2022:6040
RHSA-2022:6042 https://access.redhat.com/errata/RHSA-2022:6042
RHSA-2022:6102 https://access.redhat.com/errata/RHSA-2022:6102
RHSA-2022:6103 https://access.redhat.com/errata/RHSA-2022:6103
RHSA-2022:6152 https://access.redhat.com/errata/RHSA-2022:6152
RHSA-2022:6277 https://access.redhat.com/errata/RHSA-2022:6277
RHSA-2022:6290 https://access.redhat.com/errata/RHSA-2022:6290
RHSA-2022:6345 https://access.redhat.com/errata/RHSA-2022:6345
RHSA-2022:6346 https://access.redhat.com/errata/RHSA-2022:6346
RHSA-2022:6347 https://access.redhat.com/errata/RHSA-2022:6347
RHSA-2022:6348 https://access.redhat.com/errata/RHSA-2022:6348
RHSA-2022:6370 https://access.redhat.com/errata/RHSA-2022:6370
RHSA-2022:6430 https://access.redhat.com/errata/RHSA-2022:6430
RHSA-2022:6535 https://access.redhat.com/errata/RHSA-2022:6535
RHSA-2022:6696 https://access.redhat.com/errata/RHSA-2022:6696
RHSA-2022:8750 https://access.redhat.com/errata/RHSA-2022:8750
RHSA-2022:9047 https://access.redhat.com/errata/RHSA-2022:9047
RHSA-2023:0407 https://access.redhat.com/errata/RHSA-2023:0407
RHSA-2023:0408 https://access.redhat.com/errata/RHSA-2023:0408
RHSA-2023:0630 https://access.redhat.com/errata/RHSA-2023:0630
RHSA-2023:1275 https://access.redhat.com/errata/RHSA-2023:1275
RHSA-2023:1529 https://access.redhat.com/errata/RHSA-2023:1529
RHSA-2023:2253 https://access.redhat.com/errata/RHSA-2023:2253
RHSA-2023:2282 https://access.redhat.com/errata/RHSA-2023:2282
RHSA-2023:2283 https://access.redhat.com/errata/RHSA-2023:2283
RHSA-2023:2367 https://access.redhat.com/errata/RHSA-2023:2367
RHSA-2023:2758 https://access.redhat.com/errata/RHSA-2023:2758
RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642
RHSA-2023:3914 https://access.redhat.com/errata/RHSA-2023:3914
RHSA-2023:4488 https://access.redhat.com/errata/RHSA-2023:4488
USN-6038-1 https://usn.ubuntu.com/6038-1/
USN-6038-2 https://usn.ubuntu.com/6038-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30629.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-30629
Exploit Prediction Scoring System (EPSS)
Percentile 0.09612
EPSS Score 0.00042
Published At March 28, 2025, 12:55 p.m.