CVE-2022-30629

ADVISORY - nist

Summary

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

EPSS Score⁠: 0.00048 (0.150)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-330⁠

Use of Insufficiently Random Values

ADVISORY - redhat

CWE-331⁠

Insufficient Entropy

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.